Huntress Reports 1,380% Surge in AI-Powered Device Code Phishing

AI-generated lures and disposable cloud infrastructure drove a 1,380% jump in device code phishing over six months, with individually unique attack messages across 344 victim organizations.

Published on Jun 24, 2026

Phishing has crossed into a new phase, and the numbers are stark. Huntress reports a 1,380% increase in device code phishing attacks between July-December 2025 and January-April 2026, enabled by a campaign its researchers call EvilTokens.

What makes the surge notable is not its scale alone but its sophistication. Across 344 victim organizations caught in one wave, Huntress found that no two phishing messages were identical. That degree of per-victim tailoring once required slow, manual work. Now, the company said, it is available to any attacker for the price of a subscription.

The engine behind that scale is AI. EvilTokens is sold as a phishing-as-a-service product, a ready-made kit rented to other criminals, with AI used throughout the attack chain to write contextual lures and spin up infrastructure. The result is faster, more varied attacks that slip past filters tuned to spot repetition.

The campaign heavily used device code phishing, which abuses a legitimate Microsoft sign-in flow built for devices that cannot easily accept passwords, like smart TVs.

Because the victim logs in through a genuine authentication page and completes MFA normally, there is no malware or suspicious attachment to catch, and the attacker walks away with a working access token. Since that token was issued after MFA was already satisfied, the attacker can reuse it without ever being challenged again, which is why stolen tokens let intruders bypass multi-factor authentication entirely.

Trusted Infrastructure, Hidden in Plain Sight

The campaign also relied on services defenders rarely question. Huntress traced most of the activity to two providers, the developer platform Railway and the hosting network BL Networks, with roughly 30% of attacks linked to the former and 27.5% to the latter. Both carry clean reputations, letting malicious logins blend into ordinary traffic.

That is the deeper problem the report flags: every link in the chain looked legitimate. When Huntress pushed a policy to shut out the malicious infrastructure it had identified, the activity dropped, only for similar tradecraft to resurface on other no-code services within weeks.

For Huntress founder and chief executive Kyle Hanslovan, the trajectory is the worry. Attackers, he wrote, “have already put [AI] to work. And they’re learning fast.”

His broader argument is that defenses built on spotting anomalies, from MFA to awareness training, cannot carry the full load when attackers operate entirely through real login flows that blend into daily work activities.

The report’s guidance leans toward containment: making it safe to report a bad click quickly, and watching how a login happened and what changed after access, rather than trusting that a clean-looking sign-in is benign.
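The report's guidance to watch how a login happened and what changed after access, turned into a small triage routine as an added example (not code from Huntress or the report): it pulls device-code sign-ins out of constructed sign-in records, correlates them with the same user's audit events inside a time window, and notes whether the source ASN has been seen with this flow before. The record shapes and the ASN baseline are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records, not data from the Huntress report. Field names follow
# the Entra ID sign-in log schema (authenticationProtocol == "deviceCode" marks the
# device code flow); all values are invented for illustration.
SIGNINS = [
    {"id": "s1", "user": "alice@example.com", "createdDateTime": "2026-03-02T09:14:00Z",
     "authenticationProtocol": "deviceCode", "autonomousSystemNumber": 64496},
    {"id": "s2", "user": "bob@example.com", "createdDateTime": "2026-03-02T09:20:00Z",
     "authenticationProtocol": "oAuth2", "autonomousSystemNumber": 64496},
    {"id": "s3", "user": "carol@example.com", "createdDateTime": "2026-03-02T10:05:00Z",
     "authenticationProtocol": "deviceCode", "autonomousSystemNumber": 64500},
]
# Constructed audit events describing what changed after access.
AUDITS = [
    {"user": "alice@example.com", "activityDateTime": "2026-03-02T09:31:00Z",
     "activity": "New-InboxRule"},
    {"user": "alice@example.com", "activityDateTime": "2026-03-02T09:40:00Z",
     "activity": "Add-MailboxPermission"},
    {"user": "carol@example.com", "activityDateTime": "2026-03-02T13:00:00Z",
     "activity": "New-InboxRule"},  # hours later, outside the correlation window for s3
]
# ASNs from which this tenant has legitimately used the device code flow before
# (hypothetical baseline; a real one would be learned from historical logs).
KNOWN_DEVICE_CODE_ASNS = {64500}


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def flag_device_code_sessions(signins, audits, window_minutes=60,
                              known_asns=KNOWN_DEVICE_CODE_ASNS):
    """Return one finding per device-code sign-in: the post-access changes made by
    the same user within window_minutes and whether the source ASN is new."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue  # only the flow this campaign abuses
        start = _ts(s["createdDateTime"])
        end = start + timedelta(minutes=window_minutes)
        changes = [a["activity"] for a in audits
                   if a["user"] == s["user"] and start <= _ts(a["activityDateTime"]) <= end]
        unusual_asn = s["autonomousSystemNumber"] not in known_asns
        # A device-code login followed by mailbox changes is the strongest signal;
        # a clean-looking sign-in alone is not treated as benign, just lower priority.
        severity = "high" if changes else ("medium" if unusual_asn else "low")
        findings.append({"signin": s["id"], "user": s["user"], "unusual_asn": unusual_asn,
                         "post_access_changes": changes, "severity": severity})
    return findings
```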