FBI warns of Kali365 as device‑code phishing surges
#Security


Trends Reporter

A new phishing‑as‑a‑service kit called Kali365 automates OAuth token theft from Microsoft 365 accounts. Because the victim completes MFA on Microsoft's own sign‑in page while the attacker holds the token request, MFA never stands between the attacker and the token, and security teams are responding by tightening Conditional Access rules.

A troubling pattern in cloud credential theft

Since the FBI’s public service announcement on 22 May 2026, the security community has been tracking a rapid rise in device‑code phishing campaigns that target Microsoft 365 (M365) users. The core of the problem is a kit named Kali365, advertised on Telegram as a ready‑made service for low‑skill attackers. What makes it especially dangerous is its reliance on the OAuth device‑code flow, a legitimate Microsoft mechanism built for devices with limited input (command‑line tools, smart TVs): the client requests a code pair, the user types the short user code on a Microsoft page and signs in there, and the client then collects the tokens. In the attack, the attacker starts the flow, places the short code in a lure email, and the victim enters it on Microsoft's genuine page and completes any MFA prompt. Because the identity provider issues tokens to whoever holds the matching device code rather than to the person who approved it, the attacker receives an access token and a refresh token for the victim's account without ever facing the MFA prompt.
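To make that mechanism concrete, here is an added, offline simulation of the OAuth 2.0 device authorization grant (RFC 8628) with a mock authorization server standing in for Microsoft's device‑authorization and token endpoints. It is illustrative code written for this article, not Microsoft's implementation and not the kit's code; the class and function names, the client id, the victim address and the token formats are all constructed. It shows the three steps and why the server cannot distinguish the attacker's poll from a legitimate device's poll.

```python
"""Offline simulation of the OAuth 2.0 device authorization grant (RFC 8628),
driven the way a device-code phish drives it. Added illustration for this
article: the server, client id, user names and token formats are all
constructed and stand in for Microsoft's real endpoints."""
import secrets
import string
import time

AUTHORIZATION_PENDING = {"error": "authorization_pending"}
EXPIRED_TOKEN = {"error": "expired_token"}
INVALID_GRANT = {"error": "invalid_grant"}


class MockAuthorizationServer:
    """Stand-in for an identity provider's device-authorization and token endpoints."""

    def __init__(self, code_lifetime=900):
        self.code_lifetime = code_lifetime      # seconds the user_code stays valid
        self._pending = {}                      # device_code -> request record
        self._by_user_code = {}                 # user_code  -> device_code

    def device_authorization(self, client_id, scope, now=None):
        """Step 1: the client (here, the attacker) asks for a code pair."""
        now = time.time() if now is None else now
        device_code = secrets.token_urlsafe(32)
        alphabet = string.ascii_uppercase + string.digits
        user_code = "".join(secrets.choice(alphabet) for _ in range(9))
        self._pending[device_code] = {"client_id": client_id, "scope": scope,
                                      "issued": now, "approved_by": None,
                                      "user_code": user_code}
        self._by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://idp.example/devicelogin",
                "expires_in": self.code_lifetime, "interval": 5}

    def approve(self, user_code, username, mfa_satisfied):
        """Step 2: a human types user_code on the verification page and signs in.
        The server records who approved, but has no idea who holds device_code."""
        device_code = self._by_user_code.get(user_code)
        if device_code is None or not mfa_satisfied:
            return False
        self._pending[device_code]["approved_by"] = username
        return True

    def token(self, device_code, client_id, now=None):
        """Step 3: whoever holds device_code polls for tokens."""
        now = time.time() if now is None else now
        rec = self._pending.get(device_code)
        if rec is None or rec["client_id"] != client_id:
            return INVALID_GRANT
        if now - rec["issued"] > self.code_lifetime:
            self._forget(device_code)
            return EXPIRED_TOKEN
        if rec["approved_by"] is None:
            return AUTHORIZATION_PENDING
        self._forget(device_code)               # single use, as in RFC 8628
        return {"token_type": "Bearer", "scope": rec["scope"],
                "subject": rec["approved_by"],
                "access_token": "at-" + secrets.token_hex(8),
                "refresh_token": "rt-" + secrets.token_hex(8)}

    def _forget(self, device_code):
        rec = self._pending.pop(device_code)
        self._by_user_code.pop(rec["user_code"], None)


def run_phish(idp, victim="alice@contoso.example", victim_enters_code=True,
              redeem_at=60):
    """Drive the flow as the attacker: start it, put user_code in a lure,
    poll once before the victim acts, then poll again after the victim has
    (or has not) entered the code. Times are simulated seconds."""
    client_id = "public-client-app"          # constructed public client id
    start = idp.device_authorization(client_id, "Mail.Read offline_access", now=0)
    before = idp.token(start["device_code"], client_id, now=5)
    if victim_enters_code:
        # The victim completes the real sign-in page, MFA included; the
        # attacker never sees that prompt and does not need to.
        idp.approve(start["user_code"], victim, mfa_satisfied=True)
    after = idp.token(start["device_code"], client_id, now=redeem_at)
    return before, after


if __name__ == "__main__":
    first, final = run_phish(MockAuthorizationServer())
    print(first, "->", final["subject"], final["refresh_token"])
```

A real client polls the token endpoint every `interval` seconds until the code is approved or expires; the simulation collapses that into two polls. The point to take from it is that nothing in the protocol binds the approving user to the polling client, so the defence has to be applied before the flow starts (blocking it by policy for users who do not need it) or after the fact (spotting the resulting sign‑ins).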


Evidence from the field

  • FBI alert – The bureau’s warning cites a spike in stolen OAuth tokens and notes that the kit provides “AI‑generated phishing lures, automated campaign templates, and real‑time dashboards.” The announcement links to the FBI’s advisory page for further details.
  • Arctic Wolf analysis – In an April deep‑dive, Arctic Wolf described two distinct attack paths. The first uses a classic device‑code email that mimics services such as Adobe Acrobat Sign, DocuSign, or SharePoint. The second, labeled adversary‑in‑the‑middle (AitM), proxies a victim’s browser to a genuine Microsoft login page, captures the session cookie after the user completes MFA, and then replays the session from the attacker’s server.
  • Microsoft’s response – Tanmay Ganacharya, VP of security research at Microsoft, confirmed “hundreds of compromises each day” and highlighted the difficulty of pattern‑based detection because each campaign varies its payload and language.
  • Pricing and tiers – The service is sold at $250 per month per tenant, with a yearly option for $2,000. Three subscription levels (Client, Agent, Admin) let resellers brand their panels and manage sub‑customers, effectively creating a reseller ecosystem for phishing infrastructure.

Counter‑perspectives and practical steps

While the technical details are alarming, some experts caution against over‑reacting with blanket blocks that could disrupt legitimate device‑code flows used by internal tools. The following points reflect a balanced view:

  1. Conditional Access as a lever – Both the FBI and Arctic Wolf recommend Conditional Access policies that block the device code flow for users who do not need it. In the Microsoft Entra admin center this is the “Authentication flows” condition of a Conditional Access policy (Protection > Conditional Access). Start the policy in report‑only mode to find the service accounts and CLI users that legitimately rely on the flow, and exclude a break‑glass group before enforcing it.
  2. Authentication transfer – Authentication transfer, the companion flow in which a signed‑in session is handed from a desktop to a phone via a QR code, is governed by the same Conditional Access condition. Blocking it closes a second sign‑in path that can be phished in the same way; it does not stop AitM session replay, which survives any MFA method that is not phishing‑resistant. Some organizations rely on the feature for legitimate cross‑device sign‑ins, so a risk‑based assessment is required.
  3. User education – The lure points at a genuine Microsoft URL and asks only for a short alphanumeric code, so the usual “check the link” advice does not help. Training should teach that no legitimate email asks the user to enter a code they did not generate themselves, and show what Microsoft’s device‑code page looks like.
  4. Monitoring token issuance – Microsoft Entra ID (formerly Azure AD) sign‑in logs record the authentication protocol used, so device‑code sign‑ins can be filtered out and forwarded to a Security Information and Event Management (SIEM) system. Alerting on device‑code sign‑ins by users outside an approved set, or on abnormal volumes of them, provides an early warning before the tokens are abused.
  5. Economic deterrence – At $250 per month, the service is affordable for small cybercrime groups but still a cost for a professional operation. Law‑enforcement takedowns of the Telegram channels could raise the barrier again, though history shows that new kits appear quickly.
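Points 1 and 4 above fit together as one loop: find out who actually uses the device code flow, then block it for everyone else. The following is an added example written for this article (not FBI, Arctic Wolf or Microsoft code) that triages device‑code sign‑ins from an export of Microsoft Entra sign‑in records and builds the Conditional Access request body that blocks the flow for all users except an approved group. The sample records are constructed. Field names follow the Microsoft Graph `signIn` and `conditionalAccessPolicy` resources as documented at the time of writing (`authenticationProtocol`, `conditions.authenticationFlows.transferMethods`); verify them against current documentation before relying on them.

```python
"""Added example for this article (not FBI, Arctic Wolf or Microsoft code):
triage device-code sign-ins from an export of Microsoft Entra sign-in records
and build the Conditional Access request body that blocks the flow for all
users except an approved group. Field names follow the Microsoft Graph signIn
and conditionalAccessPolicy resources as documented at the time of writing;
verify them against current documentation before relying on this."""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records in the shape of a Graph sign-in export (subset of
# fields). status.errorCode 0 means the sign-in succeeded.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-05-23T09:02:11Z", "userPrincipalName": "bob@contoso.example",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-23T09:05:40Z", "userPrincipalName": "alice@contoso.example",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "203.0.113.22", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-23T09:41:03Z", "userPrincipalName": "alice@contoso.example",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-23T09:43:57Z", "userPrincipalName": "carol@contoso.example",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-23T09:44:30Z", "userPrincipalName": "dave@contoso.example",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},   # failed sign-in
    {"createdDateTime": "2026-05-23T10:15:12Z", "userPrincipalName": "bob@contoso.example",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Office 365 SharePoint Online",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
]


def _hour_bucket(ts):
    """Truncate an ISO-8601 timestamp with a Z suffix to the hour (UTC)."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return dt.replace(minute=0, second=0, microsecond=0)


def successful_device_code_signins(records):
    """Successful sign-ins that used the device authorization grant."""
    return [r for r in records
            if r.get("authenticationProtocol") == "deviceCode"
            and r.get("status", {}).get("errorCode") == 0]


def triage(records, allowed_users, hourly_threshold):
    """Flag device-code sign-ins by users outside the approved set, and any
    hour in which the tenant-wide count exceeds the threshold. Returns one
    finding per flagged sign-in or hour."""
    allowed = {u.lower() for u in allowed_users}
    findings = []
    dc = successful_device_code_signins(records)
    for r in dc:
        user = r["userPrincipalName"].lower()
        if user not in allowed:
            findings.append({"kind": "user", "user": user, "time": r["createdDateTime"],
                             "app": r.get("appDisplayName"), "ip": r.get("ipAddress"),
                             "reason": "device-code sign-in by a user outside the allow-list"})
    per_hour = Counter(_hour_bucket(r["createdDateTime"]) for r in dc)
    for hour, count in sorted(per_hour.items()):
        if count > hourly_threshold:
            findings.append({"kind": "volume", "hour": hour.isoformat(), "count": count,
                             "reason": f"{count} device-code sign-ins in one hour "
                                       f"(threshold {hourly_threshold})"})
    return findings


def block_device_code_policy(exclude_group_ids, report_only=True):
    """Request body for POST /identity/conditionalAccess/policies that blocks the
    device code flow for everyone except the excluded groups. Refuses to build a
    policy with no exclusions so that a break-glass group is never locked out."""
    exclude = [g for g in exclude_group_ids if g]
    if not exclude:
        raise ValueError("exclude at least one group (break-glass / approved device-code users)")
    return {
        "displayName": "Block device code flow except approved users",
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": exclude},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_SIGNINS, {"bob@contoso.example"}, hourly_threshold=2):
        print(finding)
```

Run against the sample with only `bob@contoso.example` approved, the triage flags Alice's and Carol's device‑code sign‑ins and the 09:00 hour, in which three successful device‑code sign‑ins landed; Dave's failed attempt is ignored. The policy body defaults to report‑only so that the users it would have blocked show up in the sign‑in log first; switch `report_only=False` only after that list has been reconciled with the allow‑list, and post the body to the Graph Conditional Access policies endpoint with an account that holds the Conditional Access administrator role.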

Looking ahead

Kali365 illustrates a broader shift: phishing kits are moving from simple credential harvesters to platforms that automate token theft, session hijacking, and resale of access. As cloud services continue to adopt OAuth‑based flows, defenders will need to treat token‑level abuse with the same seriousness as password leaks. Conditional Access, vigilant logging, and targeted user awareness remain the most effective triad of defenses, but the cat‑and‑mouse game is unlikely to end soon.

For more technical details, see the original FBI advisory and the Arctic Wolf deep‑dive on their blog.
