Security
New Ghost Phishing wave via EvilTokens campaign is breaking traditional email security
Image: Primary A recent EvilTokens phishing campaign targeting businesses in the United States and Europe is using a method The Hacker News describes as "ghost phishing," according to a July 8, 2026 report on the site that draws on analysis from security firm ANY.RUN.
The report says the technique keeps a malicious page hidden until it decrypts and loads inside a victim's browser. Phishing kit HTML is encrypted with AES-GCM and becomes visible only after the browser decrypts it and renders the content in the DOM, so static URL checks and network-level controls may not see what the user sees, The Hacker News reported.
According to the article, the kit uses Microsoft Device Code Phishing to push victims through a legitimate Microsoft login flow that can
ANY.RUN's threat intelligence, as cited
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.