The Sneaky Hack That's Hijacking Accounts 37 Times Faster Than Before

Huma ShaziaApril 5, 2026 at 6:41 PM8 min read

A new wave of phishing attacks is sweeping the internet, using a clever technique to trick victims into giving away access to their accounts. These attacks have surged 37 times in just a few months, and experts are warning that they're getting more sophisticated by the day. Here's what you need to know to stay safe.

Key Takeaways

Device code phishing attacks have surged 37 times in recent months
These attacks use a legitimate login flow to trick victims into giving away access
Multiple phishing kits are available, making it easy for cybercriminals to launch attacks

What is Device Code Phishing?

So, what exactly is device code phishing? In simple terms, it's a type of attack where a hacker sends a fake login request to a service provider, gets a code, and then tricks the victim into entering that code on a legitimate login page. This gives the hacker access to the victim's account, all while making it look like a normal login process.

Device code phishing uses the OAuth 2.0 Device Authorization Grant flow
This flow was designed for devices with limited input options, like smart TVs or printers

How Does Device Code Phishing Work?

The process of device code phishing is surprisingly simple. The hacker sends a device authorization request to a service provider, gets a code, and then sends that code to the victim. The victim, thinking they're just logging in, enters the code on a legitimate login page, giving the hacker access to their account.

The hacker gets a code from the service provider
The victim enters the code on a legitimate login page, giving the hacker access

The Rise of Phishing Kits

So, why are device code phishing attacks on the rise? One reason is the availability of phishing kits, which make it easy for cybercriminals to launch these attacks. These kits provide pre-built tools and templates, allowing even low-skilled hackers to get in on the action.

Phishing kits provide pre-built tools and templates for launching attacks
Kits like EvilTokens and Venom are making it easy for cybercriminals to launch device code phishing attacks

Expert Insights

According to Push Security, 'At the start of March, we'd observed a 15x increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. That figure has now risen to 37.5x.'

Push Security has seen a massive increase in device code phishing pages
EvilTokens is one of the most prominent phishing kits on the market

Staying Safe from Device Code Phishing

So, how can you protect yourself from these sneaky attacks? The key is to be cautious when entering codes or logging in to your accounts. Make sure you're on a legitimate login page, and never enter codes or login credentials on a page that doesn't look right.

Be cautious when entering codes or logging in to your accounts
Make sure you're on a legitimate login page before entering any sensitive information

The Future of Phishing

As phishing kits continue to evolve and become more sophisticated, it's likely that we'll see even more of these attacks in the future. But by staying informed and being cautious, you can protect yourself and your accounts from these sneaky hacks.

Phishing kits are likely to continue evolving and becoming more sophisticated
Staying informed and being cautious is key to protecting yourself from these attacks

“At the start of March, we'd observed a 15x increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. That figure has now risen to 37.5x.”

— Push Security

Final Thoughts

The rise of device code phishing attacks is a reminder that cybersecurity is an ongoing battle. By staying informed and being cautious, you can protect yourself and your accounts from these sneaky hacks. As the threat landscape continues to evolve, it's likely that we'll see even more sophisticated attacks in the future. But for now, being aware of the risks and taking steps to protect yourself is the best defense.

Sources & Credits

Originally reported by BleepingComputer

A new technology is set to revolutionize the way AI agents learn and adapt, enabling them to accumulate wisdom and apply it to new situations. This innovation has the potential to significantly boost the reliability of AI agents, especially in complex tasks. By converting raw agent trajectories into reusable guidelines, this tech is poised to transform the AI landscape.

9 Apr 2026

Trending Tech·10 min

The Dark Side of AI: How Bots Are Fueling a Monetized Abuse Ecosystem

A recent analysis of 2.8 million Telegram messages reveals a shocking truth: AI-powered bots are being used to create and sell non-consensual intimate images. These bots can turn ordinary photos into synthetic nude images, and the abuse is being monetized through affiliate programs and subscription-based archives. The researchers behind the study are calling for stricter regulations to combat this growing problem.

9 Apr 2026

Trending Tech·8 min

AI's Secret Sauce: How Journalism Became the Unlikely Ingredient

A recent study reveals that AI chatbots rely heavily on journalistic sources for their quotes, with one in four coming from news outlets. This shocking discovery has significant implications for the media industry and our understanding of AI's information gathering processes. As AI technology continues to evolve, it's essential to consider the role of journalism in shaping its responses.

9 Apr 2026