LEGALAUDIT

Scam Watch

Come riconoscere Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass?

In breve

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Come funziona

A new phishing as a service platform called Kali365 is making Microsoft 365 accounts easier to compromise. Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no...

Indicatori rossi

  • Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email
  • Review connected devices in your Microsoft account settings and remove any unrecognized sessions
  • If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Cosa fare

  1. 1Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.
  2. 2How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.
  3. 3Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

Fonte

fbi-ic3

Fonte verificata da Mythos Forensic Team

https://www.ic3.gov/PSA/2026/PSA260521

FAQ

Kali365 PhaaS Kit Steals Microsoft 365 Access via OAuth Device Code Bypass e una truffa reale?

Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.

Quali sono i primi segnali?

Never enter device codes from unsolicited emails—Microsoft never sends verification codes via email; Review connected devices in your Microsoft account settings and remove any unrecognized sessions; If you receive a suspicious verification request, deny it and report it at ic3.gov This threat affects any Microsoft 365 user—pe

Cosa devo fare subito?

Sold via Telegram, it lets even non technical attackers capture OAuth tokens and bypass MFA entirely—no passwords stolen, no credential interception needed.; How the attack unfolds: You receive an email impersonating a trusted cloud service (Microsoft, Dropbox, etc.) containing a "device code" and instructions to verify on the real Microsoft login page.; Three red flags to watch: Unexpected emails asking you to verify a "device code" or "authorization code" Urgency language to complete verification quickly Links directing you to Microsoft verification pages from third party emails Three actions to take now: 1.

LegalAudit puo controllare il mio caso?

Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.