LEGALAUDIT

Scam Watch

Comment reconnaitre Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass?

En bref

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Comment ca fonctionne

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Signaux d'alerte

  • Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email
  • Review connected devices in your Microsoft account settings and remove any unrecognized sessions
  • If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Que faire

  1. 1Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.
  2. 2How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.
  3. 3Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

Source

fbi-ic3

Source verifiee par Mythos Forensic Team

https://www.ic3.gov/PSA/2026/PSA260521

FAQ

Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass est une vraie arnaque ?

Oui. Traitez le message, l'appel ou la demande de paiement comme suspect jusqu'a verification via un canal officiel.

Quels sont les premiers signaux ?

Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email; Review connected devices in your Microsoft account settings and remove any unrecognized sessions; If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Que faire en premier ?

Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.; How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.; Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

LegalAudit peut-il verifier mon cas ?

Oui. Lancez le chat gratuit et collez le message, le lien, l'expediteur ou les details de paiement.