EvilTokens PhaaS group uses AI to scale phishing attacks by 1,380%, operating like a tech startup
By
Sead Fadilpašić
Summary
A new report from cybersecurity firm Huntress reveals that the EvilTokens phishing-as-a-service (PhaaS) operation is increasingly operating like a tech startup, leveraging AI to scale attacks by 1,380% in early 2026 compared to the same period last year. The report highlights how AI enables not just scaling but also unprecedented personalization of phishing attacks, making them more effective and harder to detect.
Source
Key quotes
· 3 pulledCybercriminals offering phishing-as-a-service (PhaaS) are increasingly operating like a tech startup, and a good one, at that.
This particular PhaaS operation, called EvilTokens, was used to run 1,380% more phishing attacks in early 2026 compared to the same period last year.
AI is used for more than just scaling - it enabled personalization at an unprecedented level.
You might also wanna read

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
Blue41 identifies AI prompt injection vulnerability in Bunq's banking assistant
Blue41, a security firm, helped Bunq (Europe's second-largest digital bank) secure its AI assistant against spearphishing risks by identifyi
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
How a botnet abused my open source project's cloud version to phish 14,000 people
The author, who runs an open source project management tool called Kaneo, discovered that a botnet had abused the hosted cloud version of th
Anthropic's Mythos AI Achieves 72.4% Success Rate in Generating Browser Sandbox Exploits
Anthropic's Mythos research preview demonstrates a significant advancement in AI's ability to generate working exploits for browser sandboxe
Astra Security: AI-Powered Penetration Testing Platform for Enterprise Vulnerability Management
Astra Security is a penetration testing platform (PTaaS) that combines automated and manual cybersecurity testing to help enterprises identi

Comments
Sign in to join the conversation.
No comments yet. Be the first.