Huntress — EvilTokens AI PhaaS Platform Drives 1,380% Surge in Device Code Phishing
AI relevance: EvilTokens integrated generative AI into every stage of the phishing kill chain—from hyper-personalized lure generation to post-compromise inbox analysis and BEC scenario planning—demonstrating how AI lowers the skill barrier for sophisticated identity attacks to a $600 subscription.
What Happened
- Huntress published research on EvilTokens, a phishing-as-a-service (PhaaS) platform marketed via Telegram with subscriptions starting at $600, that combined AI, legitimate cloud infrastructure, and real Microsoft authentication flows to steal M365 access tokens.
- Device code phishing attacks surged 1,380% between July–December 2025 and January–April 2026, with Huntress and Microsoft jointly recording a 10x increase in the first half of 2026 compared to the second half of 2025.
- Device code phishing exploits the legitimate OAuth 2.0 device authorization flow designed for input-constrained devices like smart TVs: attackers generate a real device code from Microsoft, trick victims into visiting the genuine Microsoft login page and entering the code, then steal the resulting access token—no fake pages, no malware.
- AI powered three attack stages: (1) unique, personalized phishing emails for each of 344 victim organizations in a single wave, (2) post-compromise AI pipeline that read victim inboxes/calendars to identify high-value BEC targets, and (3) AI-driven social engineering scenario planning for follow-on attacks.
- The platform hosted phishing pages on Cloudflare Workers and wrapped malicious URLs in redirect links from trusted security vendors (Cisco, Trend Micro, Mimecast) to bypass email filters.
- 57.5% of device code phishing attacks traced to Railway (developer PaaS) or BL Networks (crypto-friendly hosting), whose clean IP reputations meant Microsoft's risk scoring flagged zero incidents.
- When Huntress deployed Conditional Access Policies to block Railway IPs, over 600 incidents were prevented mid-campaign; attackers pivoted to BL Networks within days.
- EvilTokens operates with SaaS polish: Telegram channel with pricing tiers ($600 B2B Sender, $1,000 SMTP Sender, $1,500 Office 365 Capture Link), demo videos, feature updates, and 24/7 support.
Why It Matters
This is not a theoretical attack. Victims interacted entirely with legitimate Microsoft infrastructure—real login pages, real MFA prompts—making the attack nearly impossible to recognize. The AI integration means defenders now face hyper-personalized lures at machine speed, with no two phishing messages identical across 344 organizations. The identity layer has become the primary battleground, and PhaaS platforms have lowered the skill barrier to near zero.
What to Do
- Search sign-in logs for authentications from Railway IP addresses—any successful auth from that space should be treated as confirmed compromise.
- Block device code authentication flows in Microsoft 365 via Conditional Access, restricting to only identities that genuinely require it.
- For confirmed compromises: disable the account, revoke refresh tokens, review all Graph API queries, audit newly registered devices.
- Enable Continuous Access Evaluation to reduce token revocation latency from ~1 hour to minutes.
- Update user training: entering a code on a genuine Microsoft login page can still be the final step in a phishing attack.
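An added illustration of the first two recommendations, written for this summary and not taken from Huntress or the EvilTokens research: a small triage pass over constructed Entra ID sign-in records that separates successful device code sign-ins from hosting ranges (treated as confirmed compromise) from other device code use (queued for review). It assumes the Graph `signIn` shape with `authenticationProtocol` set to `deviceCode` and `status.errorCode` of 0 on success; the IP ranges are placeholders, since the page does not list Railway or BL Networks prefixes.

```python
"""Triage device code sign-ins from Entra ID sign-in records (constructed sample)."""
import ipaddress
import json

# Placeholder ranges for the providers named in the report. The real prefixes
# are NOT on the page; replace with a vetted threat-intel list before use.
HOSTING_RANGES_PLACEHOLDER = {
    "Railway (placeholder)": [ipaddress.ip_network("203.0.113.0/24")],
    "BL Networks (placeholder)": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed records shaped like Graph `signIn` objects (assumption: the
# device code flow is reported as authenticationProtocol == "deviceCode").
SAMPLE_LOG = """
{"userPrincipalName":"alice@example.com","ipAddress":"203.0.113.17","authenticationProtocol":"deviceCode","status":{"errorCode":0},"createdDateTime":"2026-03-02T09:14:00Z"}
{"userPrincipalName":"bob@example.com","ipAddress":"192.0.2.44","authenticationProtocol":"oAuth2","status":{"errorCode":0},"createdDateTime":"2026-03-02T09:15:00Z"}
{"userPrincipalName":"carol@example.com","ipAddress":"198.51.100.9","authenticationProtocol":"deviceCode","status":{"errorCode":50126},"createdDateTime":"2026-03-02T09:16:00Z"}
{"userPrincipalName":"dave@example.com","ipAddress":"192.0.2.80","authenticationProtocol":"deviceCode","status":{"errorCode":0},"createdDateTime":"2026-03-02T09:17:00Z"}
"""


def hosting_provider(ip):
    """Return the provider label whose range contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for label, nets in HOSTING_RANGES_PLACEHOLDER.items():
        if any(addr in net for net in nets):
            return label
    return None


def triage(log_text):
    """Return (confirmed, review): successful device code sign-ins from a
    hosting range versus every other device code sign-in."""
    confirmed, review = [], []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "deviceCode":
            continue  # other flows are out of scope for this check
        success = rec.get("status", {}).get("errorCode") == 0
        provider = hosting_provider(rec["ipAddress"])
        entry = (rec["userPrincipalName"], rec["ipAddress"], provider, success)
        if success and provider:
            confirmed.append(entry)  # disable account, revoke refresh tokens
        else:
            review.append(entry)  # failed attempt or unexpected device code use
    return confirmed, review
```

Feed it exported sign-in JSON lines and act on the `confirmed` bucket first; the `review` bucket is where the Conditional Access exception list for legitimate device code users gets validated.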