FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Cyber-Crime

MFA? No problem, says crimeware that tricks users into handing attackers the keys to M365

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at an alarming rate. OAuth token theft is a serious headache for organizations because stolen tokens can bypass multi-factor authentication (MFA) and grant access to privileged accounts within an organization without needing to know their credentials. Think corporate espionage, data theft, maybe even ransomware.

The main culprit is Kali365, described as a phishing-as-a-service platform that's being peddled on Telegram, first spotted by crimefighters in April 2026.

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Other newsrooms on this story

Related reading

The New Phishing Click: How OAuth Consent Bypasses MFA

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft blocca piattaforma di phishing e sequestra 338 siti associati -…

Microsoft Authenticator: Critical vulnerability allows token theft

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

Related reading

The New Phishing Click: How OAuth Consent Bypasses MFA

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft blocca piattaforma di phishing e sequestra 338 siti associati -…

Microsoft Authenticator: Critical vulnerability allows token theft

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

Other newsrooms on this story