radar.cysentrix
2 reports · 2 sources · tracked since 2d ago

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

AI synthesis ARToken, a new PhaaS platform, is an affiliate of the EvilTokens phishing toolkit targeting Microsoft 365, according to researchers.

phishingmicrosoft
Why this ranks Transparent score: 14
coverage +6 source breadth +4 urgency +0 freshness +4

What changed

Coverage timeline

Every report remains linked to its original publisher.

  1. Cisco Talos First observed

    ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365 ↗

    Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026. The ARToken panel exposes...

  2. BleepingComputer Coverage expanded

    ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit ↗

    A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]