BleepingComputer reports that organizations around the world, particularly in the U.S., Canada, France, Australia, India, Switzerland, and the United Arab Emirates, have been subjected to attacks involving the nascent EvilTokens device code phishing kit compromising Microsoft accounts.Intrusions commence with the distribution of malicious emails with documents purporting to be financial documents and other legitimate business content, which include a link diverting to a trusted service-spoofing website showing a verification code, according to a Sekoia report. Included within the site is a "Continue to Microsoft" button that redirects to a legitimate Microsoft device login page, where victims are then deceived into authenticating a requested device code to the attacker-supplied URL.Doing so provides threat actors with access to a temporary access token and another refresh token, which could be leveraged to compromise email accounts, files, and Teams information. Further analysis of EvilTokens revealed that the phishing-as-a-service kit also enabled business email compromise attacks.
Phishing, Identity, Threat Intelligence

Global Microsoft device code phishing facilitated by novel EvilTokens kit

(Adobe Stock)

Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



