Threats Tagged 'oauth device-code phishing'
View all threats tagged with 'oauth device-code phishing'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'oauth device-code phishing'
Click on any threat for detailed analysis and mitigation recommendations
"Ghost" Code Phishing Analysis 0 EvilTokens is a sophisticated phishing kit that conceals critical components of its attack through browser-side AES-GCM encryption, creating visibility gaps for traditional static URL analysis. The kit exploits Microsoft's legitimate device login flow through OAuth device-code phishing to gain account access without directly stealing passwords. Targeting organizations primarily in the United States and Europe, EvilTokens focuses on managed security services, technology, manufacturing, education, banking, and consulting sectors. The encrypted landing page only reveals its malicious content after browser decryption, requiring dynamic analysis to uncover the complete attack chain. The kit uses multiple stages including gate checks, user code requests, and session monitoring to complete Microsoft 365 account takeovers while appearing legitimate through final redirects to OneDrive. Join the discussion | AlienVault OTX General | 06/23/2026, 22:03:16 UTC Added: 06/24/2026, 17:24:12 UTC |
Showing 1 to 1 of 1 result