What is Microsoft device code phishing?

It's attackers tricking users into giving OAuth device codes, bypassing MFA to access Microsoft 365 emails and data via automation and AI.

How do you stop Microsoft device code attacks ?

Block legacy auth, use conditional access, train on lures, monitor API calls — and deploy AI behavioral guards.

Is EvilTokens the main tool in these phishing attacks?

Yeah, it's the star — malware that weaponizes stolen codes for token theft and inbox raids, now widely shared underground.

🎯 Threat Intelligence

Microsoft Device Code Phishing Ravages Hundreds Daily

Hundreds of organizations crumple daily under Microsoft device code phishing. EvilTokens laugh at MFA, snatching emails and cash with ruthless automation.

theAIcatchup Apr 08, 2026 4 min read

AI-powered phishing chain targeting Microsoft device code authentication

⚡ Key Takeaways

AI and automation drive daily compromises of hundreds via Microsoft device code phishing, bypassing MFA. 𝕏
EvilTokens enable smoothly token theft for email snooping and financial data grabs. 𝕏
Urgent fixes: Entra ID policies, API monitoring, and phishing-resistant auth to stem the tide. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#EvilTokens #MFA bypass #Microsoft phishing #device code attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Register Security

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

EvilTokens: Phishing's Drag-and-Drop Nightmare for Microsoft Logins

VENOM Phishing: QR Codes That Hijack C-Suite Microsoft Logins

Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft

AI's Dark Turn: How Hackers Made It Their Ultimate Cyber Weapon

Stay in the loop