216.73.216.86

Threat Spotlight: The Jalisco Toolkit and AI-Powered Phishing Surge

· Published 15/07/2026 03:40

Export JSON

Essential information

Published
15/07/2026 03:40
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
darcula jalisco kali365 mfa bypass microsoft 365 oauth token theft omegalord phishing-as-a-service tycoon2fa venom
Related entities
6 indicators, 6 observables, 7 malware

Description

Phishing attacks have surged in 2026 as AI-powered kits enable threat actors to bypass multi-factor authentication and harvest OAuth tokens at scale. Two phishing tools were identified in active campaigns: Jalisco, a device code phishing toolkit that provisions fresh OAuth codes in real time to defeat time-based security controls, and OmegaLord, a credential harvester that captures phone numbers alongside passwords to intercept MFA. Both tools demonstrate that attackers are engineering sophisticated methods to defeat authentication controls. These toolkits are part of a broader ecosystem that includes AI-powered PhaaS kits like EvilTokens and , which leverage legitimate cloud platforms to evade detection. Following compromise, attackers establish persistence by enrolling multiple devices to victim Entra ID tenants, enabling access that survives password resets and extends the window for data exfiltration and extortion.

External references