LEGALAUDIT

Scam Watch

Como reconocer Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass?

TLDR

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Como funciona

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Señales de alerta

  • Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email
  • Review connected devices in your Microsoft account settings and remove any unrecognized sessions
  • If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Qué hacer

  1. 1Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.
  2. 2How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.
  3. 3Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

Fuente

fbi-ic3

Fuente verificada por Mythos Forensic Team

https://www.ic3.gov/PSA/2026/PSA260521

FAQ

Es Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass una estafa real?

Si. Trata el mensaje, la llamada o la solicitud de pago como sospechosos hasta que los verifiques por un canal oficial.

Cuales son las primeras senales?

Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email; Review connected devices in your Microsoft account settings and remove any unrecognized sessions; If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Que debo hacer primero?

Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.; How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.; Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

Puede LegalAudit revisar mi caso?

Si. Abre el chat gratis y pega el mensaje, el enlace, el remitente o los datos de pago para un triage.