Phishing Kit
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. The kit is sold to cybercriminals over Telegram and is under continuous development, its author stating that they plan to extend support for Gmail and Okta phishing pages. Device […]
Phishing campaign targets freight and logistics orgs in the US, Europe
A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry. Some of […]
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook users, the module was developed by an independent publisher and has been on the Microsoft Office Add-in Store since December 2022. Office add-ins are just URLs pointing […]
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing platform. The attacks led to business email compromise, data breaches, and financial losses affecting organizations worldwide. The law enforcement operation was possible thanks to intelligence from Microsoft, shared with the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) via the FBI. The […]
New Spiderman phishing service targets dozens of European banks
A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of legitimate sites. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data. The Spiderman phishing kit, analyzed by researchers at Varonis, targets financial institutions in […]
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft 365 accounts. The kit was known for its SVG-based attacks and attacker-in-the-middle (AitM) tactics, where the authentication process is […]
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort. Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across […]
Darcula PhaaS steals 884,000 credit cards via SMS phishing texts
The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. The cyber heist was done over seven months between 2023 and 2024, so it does not reflect the total amount the cybercrime platform has helped to steal. These numbers come from coordinated […]
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. The platform also leverages DNS email exchange (MX) records to identify victims’ email providers and to dynamically serve spoofed login pages for more than 114 brands. Morphing Meerkat has been active since at […]
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand. The upcoming release, currently available as a beta, will remove the targeting scope restrictions by offering a finite number of phishing kits and allowing anyone […]