
ARToken Phishing Kit Uses Cloudflare Workers and SharePoint Lures to Target Microsoft 365 Users
A highly sophisticated Phishing-as-a-Service (PhaaS) platform, ARToken, is actively targeting Microsoft 365 users by chaining together Cloudflare Workers and lookalike SharePoint tenants to bypass multi-factor authentication (MFA). Emerging as an evolution of the notorious EvilTokens platform, this updated phishing kit abuses the Microsoft OAuth 2.0 Device Authorization Grant to capture victim tokens and establish persistent […]
The post ARToken Phishing Kit Uses Cloudflare Workers and SharePoint Lures to Target Microsoft 365 Users appeared first on Cyber Security News.