CyberSecurity SEE

AI-Driven Phishing Attacks Increase by 1,380% as Criminal Platforms Make MFA Ineffective

Cybersecurity Alert: EvilTokens and the Emerging Threat of AI-Powered Phishing

Cybersecurity firm Huntress has disclosed that hundreds of organizations fell victim to a sophisticated phishing scheme in the early months of 2026, despite having multi-factor authentication enabled. The finding raises a hard question about what current controls actually protect against. The report, titled “EvilTokens and the Rise of AI-Powered Phishing,” describes a criminal operation that turns a common assumption, that MFA stops credential phishing, on its head.

The report describes a "phishing-as-a-service" (PhaaS) platform that combines artificial intelligence, reputable cloud infrastructure, and Microsoft's own genuine authentication flow to steal access tokens for Microsoft 365 accounts at scale. Huntress recorded a 1,380% rise in device code phishing attacks over six months, from July to December 2025, with the campaign continuing into early 2026. Many victims never realized anything had happened, assuming that their multi-factor authentication had protected them.

Understanding Device Code Phishing

At the heart of the scheme is a technique known as device code phishing. It abuses the OAuth 2.0 device authorization flow, a legitimate login method designed for devices with no convenient way to type a password, such as smart TVs. The attacker, not the victim, starts the flow: they request a device code from Microsoft, receive a short user code and Microsoft's real verification URL, and send only those two things to the target. The victim opens the genuine Microsoft sign-in page, enters the code, and authenticates, including passing MFA. Because the attacker initiated the request and holds the secret half of the code pair, it is the attacker who is issued the resulting access token (and, when the right scope was requested, a refresh token) when they poll Microsoft's token endpoint.

These attacks are uniquely insidious, lacking the telltale signs of phishing such as fake pages, malware, or suspicious attachments. As victims interact solely with authentic Microsoft infrastructure, detection becomes exceedingly difficult.

Dave Kleinatland, Principal Product Researcher at Huntress, remarked, “Device code phishing works really well because the user is typically only exposed to real Microsoft links and logins.” This highlights the ingenuity of the attack, as traditional defenses often fail to catch such nuanced tactics.
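The following is an added example, not code from the Huntress report or the EvilTokens kit: a self-contained simulation of the OAuth 2.0 Device Authorization Grant (RFC 8628) that shows both sides of the exchange described above. The identity provider, the verification URI, the code lifetime, the client ID and the victim's name are all assumptions made for the example; nothing here contacts Microsoft. The point it makes is structural: MFA is really enforced and really passed, but by the victim, and the tokens are handed to whoever holds `device_code`, which is the party that started the flow.

```python
"""Simulated OAuth 2.0 Device Authorization Grant (RFC 8628), arranged the way
device code phishing uses it. AuthorizationServer stands in for the identity
provider; URIs, lifetimes and names are assumptions made for this example."""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass
from typing import Optional

USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"  # consonant-only alphabet, as RFC 8628 suggests


@dataclass
class PendingAuthorization:
    client_id: str
    scope: str
    user_code: str
    expires_at: float
    approved_by: Optional[str] = None  # filled in once a user completes sign-in and MFA


class AuthorizationServer:
    """Stand-in for the IdP's device authorization and token endpoints (not Microsoft's)."""

    def __init__(self, code_lifetime_s: float = 900.0):
        self.code_lifetime_s = code_lifetime_s  # assumed lifetime of a code pair
        self._pending: dict[str, PendingAuthorization] = {}  # device_code -> record
        self._by_user_code: dict[str, str] = {}  # user_code -> device_code

    def device_authorization(self, client_id: str, scope: str, now: Optional[float] = None) -> dict:
        """POST /devicecode: whoever calls this holds device_code from now on."""
        now = time.time() if now is None else now
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(
            "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(4)) for _ in range(2)
        )
        self._pending[device_code] = PendingAuthorization(
            client_id, scope, user_code, now + self.code_lifetime_s
        )
        self._by_user_code[user_code] = device_code
        return {
            "device_code": device_code,  # secret; never leaves the initiator
            "user_code": user_code,  # short code the user types on the real page
            "verification_uri": "https://idp.example/devicelogin",  # assumed URI
            "expires_in": int(self.code_lifetime_s),
            "interval": 5,
        }

    def complete_user_login(self, user_code: str, username: str, mfa_passed: bool,
                            now: Optional[float] = None) -> str:
        """The genuine verification page: the user enters user_code and authenticates."""
        now = time.time() if now is None else now
        device_code = self._by_user_code.get(user_code)
        if device_code is None:
            return "invalid_code"
        rec = self._pending[device_code]
        if now > rec.expires_at:
            return "expired"
        if not mfa_passed:
            return "mfa_required"  # MFA is enforced here, and it is the victim who passes it
        rec.approved_by = username
        return "approved"

    def token(self, device_code: str, now: Optional[float] = None) -> dict:
        """POST /token with grant_type=device_code, polled by the initiator."""
        now = time.time() if now is None else now
        rec = self._pending.get(device_code)
        if rec is None:
            return {"error": "invalid_grant"}
        if now > rec.expires_at:
            return {"error": "expired_token"}
        if rec.approved_by is None:
            return {"error": "authorization_pending"}
        # Single use. Tokens go to whoever holds device_code, i.e. the party that started the flow.
        del self._pending[device_code]
        del self._by_user_code[rec.user_code]
        tokens = {
            "token_type": "Bearer",
            "scope": rec.scope,
            "subject": rec.approved_by,
            "access_token": "at-" + secrets.token_hex(8),
        }
        if "offline_access" in rec.scope.split():
            tokens["refresh_token"] = "rt-" + secrets.token_hex(8)
        return tokens


def run_attack(idp: AuthorizationServer, victim: str = "alice@victim.example") -> tuple:
    """Attacker-initiated flow: the victim only ever sees the real verification URI."""
    grant = idp.device_authorization("public-client-id", "openid offline_access Mail.Read")
    lure = f"Sign in at {grant['verification_uri']} and enter code {grant['user_code']}"
    pending = idp.token(grant["device_code"])  # attacker polls: nothing yet
    outcome = idp.complete_user_login(grant["user_code"], victim, mfa_passed=True)
    tokens = idp.token(grant["device_code"])  # attacker polls again: tokens issued
    return lure, pending, outcome, tokens


if __name__ == "__main__":
    lure, pending, outcome, tokens = run_attack(AuthorizationServer())
    print(lure)
    print(pending, outcome, tokens["subject"], tokens["scope"])
```

Notice what the victim receives in `lure`: a real verification URI and a user code, nothing that a URL filter or attachment scanner can object to. The code lifetime is the attacker's only real constraint, which is why the kit pairs the flow with personalised lures that get a click quickly.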

AI Integration: The Game Changer

What differentiates EvilTokens from prior phishing toolkits is its deep integration of artificial intelligence across the entire attack sequence. The platform, which is marketed through Telegram and priced from $600 per subscription, employs AI at multiple stages of operation:

  1. Lure Personalization: AI generates a unique, customized phishing email for each target based on their job role and current context. In a single campaign that hit 344 organizations, no two phishing emails were identical, a degree of personalization that traditional phishing campaigns typically cannot match.

  2. Post-Compromise Analysis: After successfully capturing a token, AI systems automatically sift through the victim’s inbox, calendar, and documents to unearth high-value targets and financial threads suitable for business email compromise attacks.

  3. Business Email Compromise Planning: Utilizing AI, the platform outlines potential follow-up attack strategies. It identifies colleagues that the attackers can impersonate and devises social engineering messages to target them.

Additionally, the criminals host their phishing landing pages on legitimate infrastructure such as Cloudflare Workers. By wrapping the malicious URL inside the redirect links of established security vendors such as Cisco, Trend Micro, and Mimecast, the emails pass through standard filters that trust those domains.

The Infrastructure Advantage

A key factor in the campaign's success is its use of legitimate cloud platforms as attack infrastructure. Huntress traced a significant wave of attacks to Railway, a platform for rapidly deploying internet-facing applications. Railway's clean reputation meant that Microsoft's risk scoring did not flag sign-ins originating from its infrastructure.

In fact, 57.5% of the device code phishing attacks documented by Huntress came from either Railway or BL Networks, the network behind BitLaunch, a cloud hosting service that accepts cryptocurrency payments. When Huntress blocked Railway's IP addresses with a Conditional Access policy, more than 600 incidents were stopped mid-campaign. Within days, however, the attackers had moved their operation to BL Networks' servers.

Lindsey O’Donnell-Welch from Huntress emphasized the campaign’s danger: “This campaign was so dangerous because it combined clean, reputable cloud infrastructure with device code phishing that abused legitimate authentication processes.”
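The infrastructure shift described above is the practical lesson of this section, so here is an added example (not Huntress's tooling or the report's own code) that evaluates two blocking strategies against constructed sign-in records: an IP blocklist covering one hosting provider, as the article describes, versus a rule keyed on the device code flow itself. The records are constructed for this example in the shape of Microsoft Graph `signIn` objects (`authenticationProtocol`, `ipAddress`, `autonomousSystemNumber`, `status.errorCode`); the IP addresses are RFC 5737 documentation ranges and the ASNs are private-use placeholders, not Railway's or BL Networks' real numbers, and the corporate egress range is likewise assumed.

```python
"""Two ways to stop the same campaign, evaluated against constructed sign-in
records: block one provider's IP ranges, or block the device code flow itself.
Record shape follows Microsoft Graph signIn objects; all values are constructed."""
from __future__ import annotations

import ipaddress
import json
from collections import Counter
from typing import Callable

# Constructed sample sign-ins. 192.0.2.0/24 stands in for "provider A" (the one
# a blocklist was built for), 198.51.100.0/24 for "provider B" (the one the
# attackers moved to), 203.0.113.0/24 for the company's own egress.
SAMPLE_SIGNINS = """
{"userPrincipalName": "alice@corp.example", "authenticationProtocol": "deviceCode", "ipAddress": "192.0.2.17", "autonomousSystemNumber": 64501, "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@corp.example", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.9", "autonomousSystemNumber": 64510, "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@corp.example", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.44", "autonomousSystemNumber": 64502, "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}}
{"userPrincipalName": "dave@corp.example", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.77", "autonomousSystemNumber": 64510, "appDisplayName": "Azure CLI", "status": {"errorCode": 0}}
{"userPrincipalName": "erin@corp.example", "authenticationProtocol": "ropc", "ipAddress": "203.0.113.12", "autonomousSystemNumber": 64510, "appDisplayName": "Legacy Mail Client", "status": {"errorCode": 50126}}
{"userPrincipalName": "frank@corp.example", "authenticationProtocol": "deviceCode", "ipAddress": "192.0.2.200", "autonomousSystemNumber": 64501, "appDisplayName": "Microsoft Office", "status": {"errorCode": 50126}}
"""

CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed trusted egress
PROVIDER_BLOCKLIST = [ipaddress.ip_network("192.0.2.0/24")]  # covers provider A only


def parse_signins(text: str) -> list[dict]:
    """One JSON object per line, blank lines ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def ip_blocklist_policy(rec: dict) -> str:
    """Block sign-ins from the listed provider ranges, whatever the protocol.
    Misses the same campaign as soon as it moves to a provider not on the list."""
    return "block" if in_any(rec["ipAddress"], PROVIDER_BLOCKLIST) else "allow"


def device_code_policy(rec: dict) -> str:
    """Block the device code flow unless it comes from a trusted network.
    Keyed on the protocol, so a change of hosting provider does not help the attacker."""
    if rec["authenticationProtocol"] != "deviceCode":
        return "allow"
    return "allow" if in_any(rec["ipAddress"], CORPORATE_RANGES) else "block"


def evaluate(records: list[dict], policy: Callable[[dict], str]) -> dict[str, str]:
    return {rec["userPrincipalName"]: policy(rec) for rec in records}


def successful_device_code_by_asn(records: list[dict]) -> dict[int, int]:
    """Hunting pivot: successful device code sign-ins per source ASN. A new ASN
    appearing here is the kind of signal that exposes a move between providers."""
    return dict(Counter(
        rec["autonomousSystemNumber"] for rec in records
        if rec["authenticationProtocol"] == "deviceCode" and rec["status"]["errorCode"] == 0
    ))


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for name, policy in (("ip-blocklist", ip_blocklist_policy), ("device-code", device_code_policy)):
        print(name, evaluate(recs, policy))
    print("successful device code sign-ins by ASN:", successful_device_code_by_asn(recs))
```

Run against the sample, the IP blocklist stops alice and frank (provider A) but lets carol through from provider B, which is exactly the gap the attackers exploited within days. The protocol-keyed rule blocks carol as well while leaving dave's device code sign-in from the corporate range alone. In Entra ID the equivalent control is the Conditional Access "Authentication flows" condition, which can target the device code flow directly and is the stronger option where no one legitimately needs the flow.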

The Criminal Marketplace

EvilTokens operates with a level of polish typically seen in legitimate software businesses. Its Telegram channel not only lists pricing tiers but also provides demo videos, feature updates, and ongoing support. The offerings include a Business-to-Business (B2B) Sender starting at $600, an SMTP Sender at $1,000, and an Office 365 Capture Link (which contains the device code phishing kit) priced at $1,500.

With a subscription, users gain access to a comprehensive dashboard with customizable phishing templates, token management panels, and role-based access controls. The barrier to launching sophisticated, AI-personalized identity attacks has been significantly lowered to merely a subscription fee.

Recommendations for Defenders

In response to this evolving threat landscape, Huntress underscores that no single solution can fully counter this sophisticated attack chain. Their recommendations include:

Conclusion: A Shift in the Cyber Landscape

Kyle Hanslovan, CEO of Huntress and a former cyber operator, views the findings as part of a pivotal shift in the cybersecurity landscape. “While most businesses are still figuring out where artificial intelligence and automated workflows fit into their operations, adversaries have already put it to work,” he noted in the report. The report also notes a tenfold rise in device code phishing attempts during the first half of 2026 compared to the latter half of 2025.

With phishing-as-a-service platforms minimizing barriers to entry and AI enabling highly personalized lures at machine speed, the identity layer has emerged as the primary battleground in enterprise security.

The full EvilTokens report, including detailed indicators of compromise and protective measures for defenders, is available here: EvilTokens Report.
