The newly identified phishing-as-a-service platform "ARToken" operates as an affiliate of EvilTokens, targeting Microsoft 365 users with advanced tools for stealing authentication tokens and conducting business email compromise. Researchers found that ARToken employs sophisticated techniques, including device code phishing, to bypass multi-factor authentication and gain persistent access to victims' accounts and data.
The discovery of ARToken highlights a significant threat to Microsoft 365 users: device code phishing that bypasses MFA protections. For cybersecurity professionals, particularly those focused on threat intelligence and incident response, prioritizing defenses against device code phishing and implementing behavioral AI solutions for automated detection and response could be vital strategies for mitigating such sophisticated phishing campaigns.
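As a starting point for the automated detection mentioned above, the following added example (not from the original article or the researchers it cites) reviews exported Microsoft Entra sign-in records for successful device code authentications outside an expected set of applications. Assumptions: the export uses Microsoft Graph `signIn` field names and includes `authenticationProtocol`; the sample records and the allow-list `EXPECTED_APPS` are constructed for illustration.

```python
import json

# Constructed sample sign-in records (not real data). Field names follow the
# Microsoft Graph signIn resource; only the fields used below are present.
SAMPLE_SIGNINS = json.loads("""
[
 {"createdDateTime": "2025-01-10T09:00:00Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.10",
  "authenticationProtocol": "none", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T09:05:00Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.10",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T09:07:00Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Office 365 Exchange Online", "ipAddress": "203.0.113.77",
  "authenticationProtocol": "none", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T10:00:00Z", "userPrincipalName": "kiosk@example.com",
  "appDisplayName": "Example Room Display", "ipAddress": "198.51.100.20",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-01-10T11:00:00Z", "userPrincipalName": "bob@example.com",
  "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.30",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 50126}}
]
""")

# Hypothetical allow-list: apps where this organisation expects device code sign-ins.
EXPECTED_APPS = frozenset({"Example Room Display"})

def flag_device_code_signins(records, expected_apps=EXPECTED_APPS):
    """Return successful device code sign-ins to apps outside the allow-list,
    each with the other IPs the same user signed in from afterwards (for triage)."""
    ordered = sorted(records, key=lambda r: r["createdDateTime"])
    findings = []
    for i, rec in enumerate(ordered):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue  # not a device code authentication
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # non-zero errorCode: the sign-in failed, no token issued
        if rec.get("appDisplayName") in expected_apps:
            continue  # expected use of the flow
        later_ips = sorted({r["ipAddress"] for r in ordered[i + 1:]
                            if r["userPrincipalName"] == rec["userPrincipalName"]
                            and r["ipAddress"] != rec["ipAddress"]})
        findings.append({"time": rec["createdDateTime"], "user": rec["userPrincipalName"],
                         "app": rec["appDisplayName"], "ip": rec["ipAddress"],
                         "later_ips": later_ips})
    return findings

if __name__ == "__main__":
    for finding in flag_device_code_signins(SAMPLE_SIGNINS):
        print(finding)
```

Where device code sign-in is not needed at all, an empty allow-list turns every successful use of the flow into a finding.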