ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
ID: 33ff9b03-9b6e-54eb-a8b0-6cd865a8b92d
STIX ID: report--33ff9b03-9b6e-54eb-a8b0-6cd865a8b92d
Feed Name: Bleeping Computer
Threat Score
**Executive Summary:** ARToken is a phishing-as-a-service (PhaaS) linked to the EvilTokens platform that automates Microsoft 365 account compromise via device code phishing, enabling attackers to steal and refresh authentication tokens (including persistent Primary Refresh Tokens), access Outlook mailboxes, SharePoint and OneDrive, and conduct business email compromise at scale through multi-tenant management, AI-driven workflows, and Cloudflare Workers deployment.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
