FBI warns of Kali365 phishing platform targeting Microsoft 365 users

The FBI has issued an urgent security warning concerning Kali365, a rapidly evolving hacking platform that targets users of Microsoft 365 services, including Teams, Outlook, and OneDrive. The platform is designed to exploit OAuth device codes, enabling scammers to bypass multi-factor authentication and gain unauthorized access to Microsoft accounts without needing a password.

According to the FBI, scammers utilize Kali365 to send phishing emails that impersonate trusted document-sharing services. These emails contain device codes and instructions for users to verify their accounts, a tactic that lowers the barrier to entry for attackers with limited technical skills. The FBI noted that Kali365 provides access to AI-generated phishing lures, automated campaign templates, real-time tracking dashboards, and OAuth token capture capabilities.

The hacking platform is reportedly sold to scammers on a subscription basis for $250 per month. The FBI first detected Kali365 in April and has classified it as an emerging Phishing-as-a-Service (PhaaS) platform. This type of service allows individuals with minimal technical expertise to conduct sophisticated phishing attacks.

The FBI advises Microsoft 365 users to report any phishing emails, suspicious login attempts, or unauthorized devices and active sessions associated with their accounts to the Internet Crime Complaint Center. Users are also urged not to open links containing access codes that they have not requested.