ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit

1 min read
Source: BleepingComputer
ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit
Photo: BleepingComputer
TL;DR Summary

Cisco Talos flags ARToken as a new phishing-as-a-service platform allied with EvilTokens, offering a wide toolkit to steal Microsoft 365 tokens, maintain persistence with Primary Refresh Tokens, and access Outlook, SharePoint, and OneDrive. It uses Cloudflare Workers for deployment, supports multi-tenant campaigns, and includes inbox rules, keyword monitoring, and data exfiltration tools. The kit mirrors EvilTokens’ device-code phishing flow to bypass MFA, with research suggesting a shared ecosystem and AI-enabled workflows that automate BEC-style fraud. Security teams should prioritize behavioral AI defenses and robust email security controls.

Share this article

Reading Insights

Total Reads

1

Unique Readers

4

Time Saved

5 min

vs 6 min read

Condensed

92%

1,07787 words

Want the full story? Read the original article

Read on BleepingComputer