LOWPhishing
Global

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

·Source: Cisco Talos

Updated:

Executive Summary

Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.

Analysis

Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.
Source Attribution

Originally published by Cisco Talos on Jul 1, 2026.

Related Threats