EvilTokens turns Microsoft’s device code flow into a phishing tool for account takeover
VPN Central [Unofficial]
April 1, 2026
A new phishing-as-a-service platform called EvilTokens is helping cybercriminals hijack Microsoft 365 accounts by abusing Microsoft’s legitimate device code authentication flow. Sekoia says the kit began circulating in phishing-focused underground communities in early March 2026 and stands out because it does not need a fake Microsoft login page to steal credentials in the usual way. […]
The post EvilTokens turns Microsoft’s device code flow into a phishing tool for account takeover appeared first on VPN Central.