ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

  • Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026.
  • The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh

This article has been indexed from Cisco Talos Blog

Read the original article: