A new phishing-as-a-service toolkit called EvilTokens is driving an increase in device code phishing attacks targeting Microsoft 365 users. This attack vector tricks users into authenticating via a legitimate Microsoft device code flow, allowing attackers to steal their access and refresh tokens. The article does not provide specific version ranges, patch details, or CVSS scores for this threat.
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is device code phishing? Device code phishing is a type of attack where attackers trick users into logging into their account by using a real authentication flow, then steal their access and refresh tokens. Microsoft provides the … More → The post EvilTokens ramps up device code phishing targeting Microsoft 365 users appeared first on Help Net Security .