Email security

New phishing-as-a-service platform ARToken offers advanced BEC capabilities

A new business email compromise-as-a-service platform, dubbed ARToken, has been identified by Cisco Talos researchers, offering advanced capabilities beyond typical phishing kits. This platform is an affiliate of the EvilTokens operation, which has seen a significant increase in phishing attacks, partly due to AI integration. ARToken's features suggest a mature and comprehensive environment for conducting business email compromise scams, with further coverage provided by CyberScoop.

ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentication. Unlike simpler phishing kits, ARToken provides advanced features such as inbox rule manipulation and shared access links, indicating a more sophisticated platform for business email compromise (BEC) fraud. The platform also boasts a seven-layer anti-analysis system for evasion.

Phishing lures observed are targeted, mimicking legitimate vendor communications, such as an outstanding invoice inquiry, to trick accounts payable personnel. While the full scope of its usage and the identity of its operators remain unclear, the public sector has been observed as a target, though it is likely not the only sector affected.

Source: CyberScoop

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds