Kali365, a phishing-as-a-service platform the FBI warned about last month, has grown far more dangerous. Originally built to bypass MFA on Microsoft 365 accounts, it now targets AWS, Okta, Xerox DocuShare, and a range of Russian platforms — including MAX Messenger, a Kremlin-backed messaging app with over 80 million users.
Arctic Wolf researchers mapped 126 active malicious hosts operating between early and late May, all running the same kit. Kali365 exploits device code phishing, tricking victims into completing authentication on the attacker's behalf — making MFA useless. At least 14 similar kits are now circulating, and the threat is accelerating.
Source: Dark Reading