The 2026 phishing ecosystem has outpaced traditional defenses. MFA alone is not enough. The answer is not one more product but a managed defense that combines phishing-resistant authentication, session-level detection, threat intelligence and AI-assisted triage. An attack is not an event. It’s someone — and someone can be known, anticipated, stopped.
- MFA based on OTP, SMS and push is no longer holding. Modern phishing kits intercept the authenticated session token in real time via Adversary-in-the-Middle reverse proxies. The password is irrelevant — the token is what matters.
- Phishing-as-a-Service has industrialized the attack. Turnkey platforms with MFA bypass, admin panel and hosting start at €200 / 2 weeks on Telegram. No technical skill required.
- EvilTokens introduces AI-driven post-compromise automation. Chained LLMs read the mailbox via Graph API, identify financial threads and generate BEC emails in under 5 minutes, with zero human intervention.
- The adversary persists inside Microsoft 365 without malware. The stolen token grants full access via legitimate APIs — inbox rule abuse, invoice thread scanning, BEC fraud. Endpoint protection sees nothing.
- Only FIDO2 and passkeys resist. The cryptographic challenge is bound to the real domain and cannot be relayed through a proxy. Everything else is bypassable.
- How phishing kits bypass MFA in 2026
- Inside Microsoft 365: the post-compromise playbook
- Phishing-as-a-Service: the rental economy
- The 2026 phishing kit arsenal
- Report: EvilTokens — LLM-automated BEC
- Report: Rockstar 2FA and FlowerStorm
- Report: BlackForce — Man-in-the-Browser
- Keitaro TDS and Storm-2755: the infrastructure
- Operational recommendations
How phishing kits bypass MFA in 2026
Most organizations still treat multi-factor authentication as the last line of defense against credential theft. The assumption is intuitive: even if the adversary obtains the password, the second factor — OTP, push, SMS — blocks access. In 2026 that assumption is dangerously outdated.
Phishing kits active today deploy Adversary-in-the-Middle (AiTM) reverse-proxy technology. Instead of a static copy of the login page, the kit inserts itself as a transparent relay between the victim and the real authentication service. The victim sees the genuine Microsoft 365, Google Workspace or banking portal. They enter the password. They complete MFA. In that instant the authenticated session token is captured — before it ever reaches the browser.
The result: the adversary walks into the tenant with a fully authenticated session. No brute-forcing. No password reuse. No MFA fatigue. Just a legitimate token, issued by your Identity Provider, now in the wrong hands.
Every AiTM phishing kit analyzed in this report bypasses OTP, SMS and push. Only phishing-resistant MFA (FIDO2 / passkeys) prevents token interception, because the cryptographic challenge is bound to the legitimate domain and cannot be relayed through a proxy.
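Why the proxy cannot relay a FIDO2/WebAuthn challenge, as an added example that is not part of the original report. The relying party (RP) domain, the proxy's domain and the authenticator key are all constructed; an HMAC stands in for the authenticator's asymmetric signature so the block runs without extra libraries, but the origin-binding logic is the same as in WebAuthn.

```python
import hashlib
import hmac
import json
# Assumed RP and AiTM proxy domain (constructed); HMAC stands in for the authenticator's asymmetric key.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"
PHISHING_ORIGIN = "https://login.example.com.relay-proxy.test"
AUTHENTICATOR_KEY = b"constructed-authenticator-key"

def authenticator_sign(client_data_json: bytes) -> tuple[bytes, bytes]:
    # authenticatorData = rpIdHash || flags; the signature covers authenticatorData || SHA-256(clientDataJSON)
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01"
    to_sign = auth_data + hashlib.sha256(client_data_json).digest()
    return auth_data, hmac.new(AUTHENTICATOR_KEY, to_sign, hashlib.sha256).digest()

def browser_assert(challenge: str, page_origin: str) -> dict:
    # The browser, not the page, writes the origin it is actually connected to into clientDataJSON.
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": page_origin}).encode()
    auth_data, sig = authenticator_sign(client_data)
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def rp_verify(assertion: dict, challenge: str) -> str:
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("challenge") != challenge:
        return "reject: challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    to_sign = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(AUTHENTICATOR_KEY, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return "reject: bad signature"
    return "accept"

def legitimate_login(challenge: str = "c0ffee") -> str:
    return rp_verify(browser_assert(challenge, EXPECTED_ORIGIN), challenge)

def relayed_login(challenge: str = "c0ffee") -> str:
    # The proxy forwards the RP's real challenge, but the victim's browser is on the proxy's origin.
    return rp_verify(browser_assert(challenge, PHISHING_ORIGIN), challenge)

def relayed_login_with_patched_origin(challenge: str = "c0ffee") -> str:
    # Even if the proxy rewrites the origin field in transit, the signature covers the original bytes.
    assertion = browser_assert(challenge, PHISHING_ORIGIN)
    cd = json.loads(assertion["clientDataJSON"])
    cd["origin"] = EXPECTED_ORIGIN
    assertion["clientDataJSON"] = json.dumps(cd).encode()
    return rp_verify(assertion, challenge)
```

In a real browser the relayed case fails even earlier, because the browser refuses to use an RP ID that is not a registrable suffix of the page origin; the block models the worst case where an assertion is produced anyway.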
Inside Microsoft 365: the post-compromise playbook
What happens after the token is stolen is where the real damage occurs — and where most organizations are blind. The adversary does not read a few emails: they execute a precise, rehearsed sequence designed to maintain access, suppress alerts and monetize the compromise.
Inbox rule abuse: rules built on moveToDeletedItems, markAsRead and keyword filters on “security”, “unusual sign-in”, “password”.
No malware is installed anywhere in this chain. The attack leverages legitimate authentication tokens, legitimate APIs and the victim’s own infrastructure. Traditional endpoint protection and antivirus are completely blind.
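A mailbox-rule triage check for the suppression pattern described above, added here as an example and not code from the report. The rule records are constructed and only loosely modelled on Microsoft Graph messageRule objects (the field names are assumptions); the auto-forward check is an additional common BEC indicator beyond the page's list.

```python
# Constructed inbox-rule records, loosely modelled on Microsoft Graph messageRule objects;
# the field names are assumptions, not the exact schema.
RULES = [
    {"displayName": "Archive newsletters",
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "Archive"}},
    {"displayName": ".",
     "conditions": {"subjectContains": ["security", "unusual sign-in", "password"]},
     "actions": {"delete": True, "markAsRead": True}},
    {"displayName": "Invoices",
     "conditions": {"bodyOrSubjectContains": ["invoice", "wire transfer"]},
     "actions": {"forwardTo": ["collector@mailbox.example"], "markAsRead": True}},
]

# Keywords an intruder filters on to hide sign-in and password notices (the page's list plus a few assumed).
SUPPRESSION_KEYWORDS = {"security", "unusual sign-in", "password", "mfa", "suspicious"}
HIDING_ACTIONS = ("delete", "markAsRead", "moveToFolder")
CONDITION_KEYS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")

def rule_findings(rule: dict) -> list[str]:
    """Return the reasons a single rule looks like post-compromise suppression or exfiltration."""
    findings = []
    conds, actions = rule.get("conditions", {}), rule.get("actions", {})
    keywords = {k.lower() for key in CONDITION_KEYS for k in conds.get(key, [])}
    hits = keywords & SUPPRESSION_KEYWORDS
    hiding = [a for a in HIDING_ACTIONS if actions.get(a)]
    if hits and hiding:
        findings.append(f"alert suppression: {sorted(hits)} -> {hiding}")
    if actions.get("forwardTo"):
        findings.append(f"auto-forward to {actions['forwardTo']}")
    if len(rule.get("displayName", "").strip()) <= 1:
        findings.append("near-empty rule name")
    return findings

def triage(rules: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious rule's name to its findings; clean rules are omitted."""
    return {r["displayName"]: f for r in rules if (f := rule_findings(r))}
```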
Phishing-as-a-Service: the rental economy of cybercrime
The most alarming development of 2026 is that running these attacks no longer requires any technical skill. The criminal ecosystem has reached full industrialization under the Phishing-as-a-Service (PhaaS) model. The aspiring adversary subscribes to a Telegram-based platform, logs into a management panel, and starts operating.
These are not crude tools. PhaaS platforms ship with real-time analytics dashboards, victim tracking, token management and — in EvilTokens’ case — integrated AI that automates the entire post-compromise chain through to BEC email generation. The entry barrier for sophisticated Business Email Compromise has collapsed: from years of expertise to a Telegram subscription and a few hundred euros.
- Cost of attack: a PhaaS subscription with MFA bypass, admin panel and hosting runs €200 to €400 per month.
- Potential return: a single successful BEC on a wire transfer can yield six- to seven-figure sums.
- Scalability: one affiliate runs hundreds of concurrent campaigns, tuned by season and industry.
- Resilience: when infrastructure is taken down, the platform rotates domains and rebuilds — just like a legitimate SaaS.
The 2026 phishing kit arsenal
Based on Fortgale’s proprietary intelligence collected via its Threat Intelligence Platform in Q1 2026, these are the kits operating at scale. MFA bypass is now a standard feature, not a differentiator.
| Kit | MFA bypass | Price | Signature capability | Severity |
|---|---|---|---|---|
| EvilTokens | Device Code Flow | Telegram sub | LLM-automated BEC | Critical |
| EvilProxy | AiTM reverse proxy | €400/mo | 900+ templates, TOR panel | Critical |
| Rockstar 2FA | AiTM reverse proxy | €200/2wk | 3,700+ URLScan hits, 2,000 domains | Critical |
| FlowerStorm | AiTM reverse proxy | Telegram sub | Rockstar 2FA successor (fork) | Critical |
| EvilGinx2 | AiTM reverse proxy | Open source | Foundation for many commercial kits | High |
| BlackForce | Man-in-the-Browser | Telegram sub | React-based, 9-step chain | High |
| V3B PK | Token intercept | €200–300 | EU banking, C2 on Telegram | High |
| Tykit | Multi-stage | Telegram sub | SVG delivery, Cloudflare Turnstile gate | High |
| CoGUI / Darcula | Browser profiling | Telegram sub | Anti-analysis fingerprinting, Chinese ops | Medium |
Report: EvilTokens — LLM-automated BEC
EvilTokens marks a category shift in phishing infrastructure. It is the first documented PhaaS platform to integrate large language models into the post-compromise pipeline, compressing the time between token theft and active fraud from hours to minutes.
Unlike traditional AiTM kits built on reverse proxies, EvilTokens abuses the OAuth device code flow — a legitimate authentication mechanism designed for browser-less devices (smart TVs, IoT). The kit serves phishing pages impersonating Adobe, DocuSign and Microsoft, tricking the victim into authorizing a device code: the outcome is not a password but an OAuth token.
Once the token is captured, EvilTokens injects it into an automated AI pipeline: chained LLMs access the mailbox via Microsoft Graph API, analyze the content to isolate high-value financial threads, and generate contextually accurate BEC emails ready for delivery. The entire chain — from token capture to lure-ready email — completes in under 5 minutes, with zero human intervention.
Report: Rockstar 2FA and FlowerStorm
Rockstar 2FA — an evolution of the DadSec kit — and its successor FlowerStorm are the most widely deployed AiTM platforms in the wild, with thousands of detected domains and a direct lineage between them.
Rockstar 2FA alone has generated more than 3,700 URLScan hits and operates across more than 2,000 registered domains. At €200 / 2 weeks it has attracted a wide affiliate base running concurrent campaigns. When its infrastructure was disrupted in late 2025, FlowerStorm emerged as its successor — sharing significant code overlap, identical field naming conventions and architecturally close backends.
| Attribute | Rockstar 2FA | FlowerStorm |
|---|---|---|
| MFA bypass | AiTM reverse proxy | AiTM reverse proxy |
| Price | €200 / 2 weeks | Telegram sub |
| Domains | 2,000+ | Growing (post-Rockstar migration) |
| Lineage | DadSec evolution | Rockstar 2FA code fork |
| Target sectors | Finance, Healthcare, IT, Telco | Finance, Healthcare, Manufacturing |
| Hosting | Bulletproof + Cloudflare | Bulletproof + Cloudflare |
Report: BlackForce — Man-in-the-Browser
BlackForce takes a different architectural route: instead of relaying traffic through a proxy, it operates as a Man-in-the-Browser (MitB) attack — injecting code directly into the browser session via a React application framework.
BlackForce’s attack chain unfolds across 9 steps: a multi-stage loader progressively drops the components, evading detection by fragmenting the payload. The React frontend imitates legitimate login portals with high fidelity, while the backend exfiltrates credentials and session data in real time.
Sequence: (1) lure delivery → (2) React SPA landing → (3) browser profiling and anti-analysis → (4) MitB JavaScript injection → (5) credential capture → (6) session hijack → (7) exfiltration to C2 → (8) cookie-based persistence → (9) redirect to the legitimate site.
Keitaro TDS and Storm-2755: the phishing infrastructure
Behind every phishing campaign at scale sits infrastructure. In 2026 two elements stand out: Keitaro as the traffic management layer and Storm-2755 as a case study in end-to-end orchestration.
Originally a legitimate AdTech product, Keitaro has been repurposed by Eastern European threat actors as the traffic management backbone for phishing operations. It provides automatic visitor routing by geolocation, browser and time of day; cloaking to hide malicious content from security crawlers; and conversion tracking to measure how many victims actually submitted credentials.
Storm-2755 is a financially motivated threat actor that combines SEO poisoning and malvertising to funnel victims to a spoofed Microsoft 365 portal. Its AiTM kit captures the token and bypasses MFA; the adversary then navigates to HR/payroll systems to reroute salaries. Inbox rules suppress the notifications. No malware is used: the entire operation runs on legitimate tokens and APIs.
Operational recommendations
Based on Fortgale’s analysis of active campaigns, these are the priority defensive measures. Each item has a time window and a verifiable metric.
Immediate (0–30 days)
- Disable device code flow for non-privileged users in Azure AD / Entra ID — this removes the EvilTokens vector at the root.
- Migrate critical accounts to FIDO2/passkeys — the only factor that resists AiTM interception, because the cryptographic challenge is bound to the domain.
- Enable OAuth token monitoring with alerts on tokens issued for non-approved applications or from unexpected geographies.
Short term (30–90 days)
- Deploy DNS filtering with proactive blocking of known PhaaS IOCs — Fortgale’s platform feeds provide continuously updated blocklists.
- Targeted awareness on social engineering lures — these techniques rely on user-initiated execution and cannot be stopped by technical controls alone.
- Brand monitoring for domain spoofing and malicious SEO positioning leveraging your organization’s name.
Structural
- Session anomaly detection for IP/User-Agent mismatches on authenticated sessions — catches stolen tokens replayed from unexpected locations.
- Out-of-band verification mandatory for any bank detail or payroll change in HR systems — Storm-2755 only works if no one picks up the phone.
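Detection logic for the OAuth token monitoring and session anomaly items above, added as an example and not part of the report. The sign-in records are constructed and only loosely modelled on Entra ID sign-in logs (field names, the approved-app list, the expected countries and the device-code allow-list are all assumptions).

```python
from collections import defaultdict

APPROVED_APPS = {"Office 365 Exchange Online", "Microsoft Teams"}   # assumed allow-list
EXPECTED_COUNTRIES = {"IT", "DE"}                                   # assumed normal geographies
DEVICE_CODE_ALLOWED = {"ops-admin@corp.example"}                    # assumed: only these may use device code

# Constructed sign-in records; field names are assumptions, not the exact log schema.
EVENTS = [
    {"user": "cfo@corp.example", "sessionId": "s-1", "ip": "203.0.113.5", "ua": "Edge/122",
     "country": "IT", "protocol": "oAuth2", "app": "Office 365 Exchange Online"},
    {"user": "cfo@corp.example", "sessionId": "s-1", "ip": "198.51.100.77", "ua": "python-requests/2.31",
     "country": "NL", "protocol": "oAuth2", "app": "Office 365 Exchange Online"},
    {"user": "hr@corp.example", "sessionId": "s-2", "ip": "203.0.113.9", "ua": "Chrome/123",
     "country": "IT", "protocol": "deviceCode", "app": "Microsoft Azure CLI"},
    {"user": "dev@corp.example", "sessionId": "s-3", "ip": "203.0.113.10", "ua": "Chrome/123",
     "country": "DE", "protocol": "oAuth2", "app": "Microsoft Teams"},
]

def detect(events: list[dict]) -> list[tuple[str, str, str]]:
    """Return (rule, user, detail) alerts: per-event token checks plus cross-event session replay."""
    alerts = []
    by_session = defaultdict(list)
    for e in events:
        if e["protocol"] == "deviceCode" and e["user"] not in DEVICE_CODE_ALLOWED:
            alerts.append(("device-code-signin", e["user"], e["app"]))
        if e["app"] not in APPROVED_APPS:
            alerts.append(("non-approved-app", e["user"], e["app"]))
        if e["country"] not in EXPECTED_COUNTRIES:
            alerts.append(("unexpected-geo", e["user"], e["country"]))
        by_session[e["sessionId"]].append(e)
    # A stolen token replayed elsewhere shows up as one session ID with differing IP and User-Agent.
    for sid, evs in by_session.items():
        ips, uas = {e["ip"] for e in evs}, {e["ua"] for e in evs}
        if len(ips) > 1 and len(uas) > 1:
            alerts.append(("session-replay", evs[0]["user"], f"{sid}: {sorted(ips)} / {sorted(uas)}"))
    return alerts

def alert_names(events: list[dict]) -> list[str]:
    return sorted({a[0] for a in detect(events)})
```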