This phishing kit looks more like BEC-as-a-service

This phishing kit looks more like BEC-as-a-service
Cisco Talos uncovered ARToken, an affiliate platform tied to EvilTokens that appears to function as a “business email compromise-as-a-service” environment for phishing Microsoft 365 accounts and bypassing multi-factor authentication. The toolkit adds mature BEC features like inbox rule manipulation, shared access links, and a seven-layer anti-analysis system, with targeted lures abusing real vendor relationships and invoicing themes. #ARToken #EvilTokens #Microsoft365

Keypoints

  • Cisco Talos identified ARToken as an affiliate platform linked to EvilTokens.
  • ARToken appears to enable business email compromise operations at scale.
  • The platform includes inbox rule manipulation and shared access link features.
  • ARToken uses a seven-layer anti-analysis system to evade detection.
  • The phishing lures impersonate real vendor contacts and target accounts-payable staff.

Read More: https://cyberscoop.com/artoken-bec-platform-cisco-talos/