Skip to main content
Back to Newswire
Security

New Ghost Phishing wave via EvilTokens campaign is breaking traditional email security

New Ghost Phishing wave via EvilTokens campaign is breaking traditional email security Image: Primary
A recent EvilTokens phishing campaign targeting businesses in the United States and Europe is using a method The Hacker News describes as "ghost phishing," according to a July 8, 2026 report on the site that draws on analysis from security firm ANY.RUN. The report says the technique keeps a malicious page hidden until it decrypts and loads inside a victim's browser. Phishing kit HTML is encrypted with AES-GCM and becomes visible only after the browser decrypts it and renders the content in the DOM, so static URL checks and network-level controls may not see what the user sees, The Hacker News reported. According to the article, the kit uses Microsoft Device Code Phishing to push victims through a legitimate Microsoft login flow that can ANY.RUN's threat intelligence, as cited
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.