A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365.
Cisco Talos researchers discovered the platform while investigating phishing infrastructure used in an incident response engagement and identified a React-based management panel called “ARToken Panel” that exposed more than 80 API endpoints.
Reverse engineering the client-side JavaScript code revealed previously undocumented capabilities that extend well beyond what you would normally find in a phishing platform.
