Tag

Device Code Phishing

All articles tagged with #device code phishing

ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit
security7 days ago

ARToken: A New PhaaS Armoring EvilTokens’ Microsoft 365 Toolkit

Cisco Talos flags ARToken as a new phishing-as-a-service platform allied with EvilTokens, offering a wide toolkit to steal Microsoft 365 tokens, maintain persistence with Primary Refresh Tokens, and access Outlook, SharePoint, and OneDrive. It uses Cloudflare Workers for deployment, supports multi-tenant campaigns, and includes inbox rules, keyword monitoring, and data exfiltration tools. The kit mirrors EvilTokens’ device-code phishing flow to bypass MFA, with research suggesting a shared ecosystem and AI-enabled workflows that automate BEC-style fraud. Security teams should prioritize behavioral AI defenses and robust email security controls.

Tycoon2FA Expands to Device-Code Phishing Targeting Microsoft 365
security1 month ago

Tycoon2FA Expands to Device-Code Phishing Targeting Microsoft 365

A new Tycoon2FA variant uses device-code phishing via a Trustifi click-tracking URL to hijack Microsoft 365 accounts by steering victims to the legitimate device-login flow at microsoft.com/devicelogin, granting attackers OAuth tokens and access to email, calendar, and files. After a takedown, the kit resurfaced with obfuscation and new delivery chains, prompting defenders to disable the device-code flow when not needed, restrict OAuth permissions, enable Continuous Access Evaluation, and monitor Entra logs for deviceCode activity and related IoCs.