What is EvilTokens and how does it work?

EvilTokens is a malicious phishing kit specializing in Microsoft device code attacks. It lets attackers hijack accounts by proxying auth flows in real-time, perfect for BEC scams.

How to protect against EvilTokens phishing?

Block device code logins where possible, enforce hardware keys over app-based MFA, and scan for anomalous sessions in Microsoft Entra ID.

Will EvilTokens hit my Microsoft 365 account?

High chance if you're in finance or exec ranks — BEC crews prioritize high-value targets with wire transfer access. Word count: 1027.

📋 Compliance & Policy

EvilTokens: Phishing's Drag-and-Drop Nightmare for Microsoft Logins

EvilTokens just landed, and it's arming script kiddies with pro-level phishing tools for Microsoft accounts. Business email compromise? Now easier than ever.

Threat Digest Apr 03, 2026 4 min read 13 views

EvilTokens phishing dashboard showing live Microsoft device code proxy and session hijack

⚡ Key Takeaways

EvilTokens makes advanced Microsoft device code phishing accessible to amateurs via a user-friendly dashboard. 𝕏
It enables smoothly account hijacks for BEC attacks, bypassing traditional MFA with real-time proxying. 𝕏
Expect a surge in BEC incidents; defenses need stricter auth policies and employee training. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#BEC attacks #EvilTokens #Microsoft account hijack #Microsoft phishing #device code phishing

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Vendor Blind Spots: The Third-Party Risks Quietly Torpedoing Client Security

React2Shell: How a React Bug Turned 766 Servers into Credential Vaults

Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Axios npm Poisoning: Hackers Hijack Your Dev Secrets via 100M Downloads

Stay in the loop