Threat Spotlight: The Jalisco Toolkit and AI-Powered Phishing Surge
Essential information
- Published
- 15/07/2026 03:40
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- darcula jalisco kali365 mfa bypass microsoft 365 oauth token theft omegalord phishing-as-a-service tycoon2fa venom
- Related entities
- 6 indicators, 6 observables, 7 malware
Description
Phishing attacks have surged in 2026 as AI-powered phishing-as-a-service kits enable threat actors to bypass multi-factor authentication and harvest OAuth tokens at scale. Two phishing tools were identified in active campaigns: Jalisco, a device code phishing toolkit that provisions fresh OAuth codes in real time to defeat time-based security controls, and OmegaLord, a credential harvester that captures phone numbers alongside passwords to intercept MFA. Both tools demonstrate that attackers are engineering sophisticated methods to defeat authentication controls. These toolkits are part of a broader ecosystem that includes AI-powered PhaaS kits like EvilTokens and Kali365, which leverage legitimate cloud platforms to evade detection. Following compromise, attackers establish persistence by enrolling multiple devices to victim Entra ID tenants, enabling access that survives password resets and extends the window for data exfiltration and extortion.