Security · 1h ago
EvilTokens phishing kit evolves into full BEC platform
Cisco Talos researchers reveal that the EvilTokens device-code phishing kit has expanded into a complete business email compromise operations environment. The kit now includes automated credential harvesting, session hijacking, and multi-factor authentication bypass capabilities. It targets Microsoft 365 and Google Workspace users through sophisticated OAuth device-code flow attacks.
Meridian48 take
The kit's evolution from a simple phishing tool to a full BEC platform underscores how cybercriminal tooling is becoming more modular and enterprise-grade, lowering the barrier for less skilled attackers.
Read the full reporting
EvilTokens device-code phishing kit totally more evil than we all thought →
The Register
phishing-kitbec-operations