New EvilTokens service fuels Microsoft device code phishing attacks

Summary

A new malicious service known as EvilTokens has emerged, specifically designed to facilitate device code phishing attacks targeting Microsoft accounts. This kit enhances business email compromise (BEC) attacks by enabling threat actors to hijack user sessions and gain unauthorized access.

IFF Assessment

FOE

EvilTokens represents a new tool for attackers, increasing the threat surface for organizations relying on Microsoft services and facilitating sophisticated phishing campaigns.

Defender Context

Defenders should be aware of the growing sophistication of phishing techniques, particularly those that leverage device code authorization to bypass multi-factor authentication. Organizations using Microsoft services need to reinforce user education on identifying phishing attempts and implement robust endpoint detection and response (EDR) solutions to spot anomalous account activity.
