Shared from twixb · bleepingcomputer.com

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

bleepingcomputer.com·Jul 3, 2026

The newly identified phishing-as-a-service platform "ARToken" operates as an affiliate of EvilTokens, targeting Microsoft 365 users with advanced tools for stealing authentication tokens and conducting business email compromise. Researchers found that ARToken employs sophisticated techniques, including device code phishing, to bypass multi-factor authentication and gain persistent access to victims' accounts and data.

The discovery of ARToken, a phishing-as-a-service platform affiliated with EvilTokens, highlights a significant threat to Microsoft 365 users by exploiting device code phishing to bypass MFA protections. For cybersecurity professionals, particularly those focusing on threat intelligence and incident response, prioritizing defenses against device code phishing attacks and implementing behavioral AI solutions for automated detection and response could be vital strategies to mitigate such sophisticated phishing campaigns.

Powered by twixb

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

More from Cybersecurity News

Recent stories curated alongside this one.