{"id":24274,"date":"2026-06-07T08:00:00","date_gmt":"2026-06-07T11:00:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=24274"},"modified":"2026-06-04T19:56:12","modified_gmt":"2026-06-04T22:56:12","slug":"kali365-o-novo-ecossistema-de-phishing","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2026\/06\/exploits\/kali365-o-novo-ecossistema-de-phishing\/","title":{"rendered":"Kali365, the new phishing ecosystem"},"content":{"rendered":"\n<p style=\"text-align: justify;\" data-turn-id-container=\"bbb213a5-cfeb-42f8-ad57-04c078f0552f\" data-is-intersecting=\"true\"><strong><span style=\"color: revert; font-size: revert;\">Kali365: The new phishing ecosystem that is turning Microsoft account theft into a professional service<\/span><\/strong><\/p>\n<div class=\"\" data-turn-id-container=\"ba9d1359-7f33-4e46-a84d-6cb3be50664e\" data-is-intersecting=\"true\">\n<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"ba9d1359-7f33-4e46-a84d-6cb3be50664e\" data-turn-id-container=\"ba9d1359-7f33-4e46-a84d-6cb3be50664e\" data-testid=\"conversation-turn-116\" data-scroll-anchor=\"false\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto 
max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n<div class=\"flex max-w-full flex-col gap-4 grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"742085fd-370d-4ca1-9c87-2c9694faf78f\" data-message-model-slug=\"gpt-5-5\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n<div class=\"text-base my-auto mx-auto [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n<div class=\"flex max-w-full flex-col gap-4 grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"742085fd-370d-4ca1-9c87-2c9694faf78f\" data-message-model-slug=\"gpt-5-5\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n<p style=\"text-align: justify;\" data-start=\"178\" data-end=\"517\">The evolution of modern cybercrime is increasingly tied to the industrialization of digital attacks. 
Tools that once required advanced technical knowledge are now offered as complete services, allowing criminals with little experience to run sophisticated operations against companies, governments and ordinary users.<\/p>\n<p style=\"text-align: justify;\" data-start=\"519\" data-end=\"1019\">A recent example of this shift is the emergence of <strong data-start=\"576\" data-end=\"587\">Kali365<\/strong>, a <em data-start=\"607\" data-end=\"630\">Phishing-as-a-Service<\/em> (PhaaS) platform built to compromise Microsoft 365 accounts using Microsoft's own legitimate authentication mechanisms. According to investigations reported by <span class=\"\" data-state=\"closed\">TecMundo<\/span> and alerts issued by the FBI, the platform makes it possible to bypass multi-factor authentication (MFA) without the need to capture passwords or temporary codes.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1021\" data-end=\"1286\">The case marks an important change in the digital threat landscape, because it shows that criminals are no longer just stealing credentials. 
They are directly exploiting modern authentication mechanisms based on tokens and federated identity.<\/p>\n<p data-start=\"1021\" data-end=\"1286\">\u00a0<\/p>\n<p class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\"><strong>What is Kali365?<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1316\" data-end=\"1398\">Kali365 is classified as a <strong data-start=\"1364\" data-end=\"1397\">Phishing-as-a-Service (PhaaS)<\/strong> platform.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1400\" data-end=\"1547\">In this model, operators build the entire criminal infrastructure and offer it by subscription to affiliates who carry out the attacks.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1549\" data-end=\"1629\">According to analyses by <span class=\"\" data-state=\"closed\">Malwarebytes<\/span>, the platform offers:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1631\" data-end=\"1913\">\n<li data-section-id=\"1snaznl\" data-start=\"1631\" data-end=\"1669\">\n<p>Automated phishing campaigns;<\/p>\n<\/li>\n<li data-section-id=\"177nkj3\" data-start=\"1670\" data-end=\"1714\">\n<p>Lures generated by artificial intelligence;<\/p>\n<\/li>\n<li data-section-id=\"12n6jgh\" data-start=\"1715\" data-end=\"1752\">\n<p>Automatic capture of OAuth tokens;<\/p>\n<\/li>\n<li data-section-id=\"11chz6e\" data-start=\"1753\" data-end=\"1794\">\n<p>Real-time monitoring dashboards;<\/p>\n<\/li>\n<li data-section-id=\"4qsn2s\" data-start=\"1795\" data-end=\"1821\">\n<p>Victim tracking;<\/p>\n<\/li>\n<li data-section-id=\"flgopw\" data-start=\"1822\" data-end=\"1913\">\n<p>Ready-made infrastructure for large-scale attacks.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1915\" data-end=\"1991\">This model drastically lowers the barrier to entry for new criminals.<\/p>\n<p 
data-start=\"1915\" data-end=\"1991\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1yh12o9\" data-start=\"1998\" data-end=\"2049\"><strong>Exploiting a legitimate Microsoft feature<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2051\" data-end=\"2146\">The most worrying aspect of Kali365 is that it does not depend on traditional software flaws.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2148\" data-end=\"2381\">The platform exploits a legitimate mechanism called <strong data-start=\"2199\" data-end=\"2238\">OAuth 2.0 Device Authorization Flow<\/strong>, which Microsoft uses for authentication on devices with limited data-entry capability.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2383\" data-end=\"2411\">This feature is used on:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2413\" data-end=\"2532\">\n<li data-section-id=\"rbar7f\" data-start=\"2413\" data-end=\"2425\">\n<p>Smart TVs;<\/p>\n<\/li>\n<li data-section-id=\"1w6mgza\" data-start=\"2426\" data-end=\"2445\">\n<p>IoT equipment;<\/p>\n<\/li>\n<li data-section-id=\"18xwc0o\" data-start=\"2446\" data-end=\"2477\">\n<p>Videoconferencing systems;<\/p>\n<\/li>\n<li data-section-id=\"17j94vo\" data-start=\"2478\" data-end=\"2505\">\n<p>Corporate printers;<\/p>\n<\/li>\n<li data-section-id=\"bc0949\" data-start=\"2506\" data-end=\"2532\">\n<p>Embedded devices.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"2534\" data-end=\"2630\">The flow was created to make secure authentication easier on equipment without a full keyboard.<\/p>\n<p data-start=\"2534\" data-end=\"2630\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1yznvgm\" data-start=\"2637\" data-end=\"2662\"><strong>How the attack works<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2664\" data-end=\"2747\">The scam combines 
social engineering with the legitimate authentication flow.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2749\" data-end=\"2796\">The process usually goes as follows:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2798\" data-end=\"3188\">\n<li data-section-id=\"1g2orok\" data-start=\"2798\" data-end=\"2841\">\n<p>The attacker initiates an OAuth request.<\/p>\n<\/li>\n<li data-section-id=\"1mt3lb5\" data-start=\"2842\" data-end=\"2890\">\n<p>A temporary code is generated by Microsoft.<\/p>\n<\/li>\n<li data-section-id=\"ykumiq\" data-start=\"2891\" data-end=\"2935\">\n<p>The victim receives a phishing message.<\/p>\n<\/li>\n<li data-section-id=\"1ecr0aw\" data-start=\"2936\" data-end=\"3001\">\n<p>The user is instructed to go to the official Microsoft portal.<\/p>\n<\/li>\n<li data-section-id=\"1tgpazo\" data-start=\"3002\" data-end=\"3050\">\n<p>The code supplied by the criminal is entered.<\/p>\n<\/li>\n<li data-section-id=\"18fxl3r\" data-start=\"3051\" data-end=\"3104\">\n<p>Multi-factor authentication is completed normally.<\/p>\n<\/li>\n<li data-section-id=\"17wg6dk\" data-start=\"3105\" data-end=\"3188\">\n<p>The OAuth tokens are delivered to the attacker.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3190\" data-end=\"3284\">The critical detail is that the whole process takes place inside Microsoft's legitimate infrastructure.<\/p>\n<p data-start=\"3190\" data-end=\"3284\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"11hpyl1\" data-start=\"3291\" data-end=\"3328\"><strong>Why doesn't MFA stop the attack?<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"3330\" data-end=\"3441\">For years, multi-factor authentication was considered one of the main barriers against account break-ins.<\/p>\n<p style=\"text-align: justify;\" data-start=\"3443\" 
data-end=\"3522\">However, Kali365 demonstrates an important change in the dynamics of attacks.<\/p>\n<p style=\"text-align: justify;\" data-start=\"3524\" data-end=\"3546\">The criminal does not steal:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3548\" data-end=\"3597\">\n<li data-section-id=\"6ca0si\" data-start=\"3548\" data-end=\"3556\">\n<p>The password;<\/p>\n<\/li>\n<li data-section-id=\"idialo\" data-start=\"3557\" data-end=\"3570\">\n<p>The MFA code;<\/p>\n<\/li>\n<li data-section-id=\"y912d5\" data-start=\"3571\" data-end=\"3597\">\n<p>The authenticator app.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3599\" data-end=\"3742\">Instead, the criminal directly obtains the <strong data-start=\"3638\" data-end=\"3654\">OAuth tokens<\/strong> issued after the user's legitimate authentication.<\/p>\n<p style=\"text-align: justify;\" data-start=\"3744\" data-end=\"3826\">In practice, the attacker receives a valid authorization granted by the victim.<\/p>\n<p data-start=\"3744\" data-end=\"3826\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"8dfe6t\" data-start=\"3833\" data-end=\"3872\"><strong>The strategic value of OAuth tokens<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"3874\" data-end=\"3994\">OAuth tokens act as temporary credentials that prove the user's identity to authenticated services.<\/p>\n<p style=\"text-align: justify;\" data-start=\"3996\" data-end=\"4037\">Once obtained, they can provide access to:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4039\" data-end=\"4190\">\n<li data-section-id=\"afhnzu\" data-start=\"4039\" data-end=\"4049\">\n<p>Outlook;<\/p>\n<\/li>\n<li data-section-id=\"79bnx7\" data-start=\"4050\" data-end=\"4061\">\n<p>OneDrive;<\/p>\n<\/li>\n<li data-section-id=\"5p2xr1\" data-start=\"4062\" data-end=\"4070\">\n<p>Teams;<\/p>\n<\/li>\n<li 
data-section-id=\"1i6h2pe\" data-start=\"4071\" data-end=\"4084\">\n<p>SharePoint;<\/p>\n<\/li>\n<li data-section-id=\"9n1hf9\" data-start=\"4085\" data-end=\"4114\">\n<p>Integrated SaaS applications;<\/p>\n<\/li>\n<li data-section-id=\"153v461\" data-start=\"4115\" data-end=\"4190\">\n<p>Federated corporate environments.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"4192\" data-end=\"4267\">In many cases, the tokens remain valid even after password changes.<\/p>\n<p data-start=\"4192\" data-end=\"4267\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"13aho4q\" data-start=\"4274\" data-end=\"4326\"><strong>The growth of the Phishing-as-a-Service market<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4328\" data-end=\"4371\">Kali365 is part of a larger trend.<\/p>\n<p style=\"text-align: justify;\" data-start=\"4373\" data-end=\"4461\">The underground market now offers complete digital attack services, including:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4463\" data-end=\"4564\">\n<li data-section-id=\"s1gjp9\" data-start=\"4463\" data-end=\"4489\">\n<p>Ransomware-as-a-Service;<\/p>\n<\/li>\n<li data-section-id=\"t3ixn5\" data-start=\"4490\" data-end=\"4513\">\n<p>Malware-as-a-Service;<\/p>\n<\/li>\n<li data-section-id=\"13x0na1\" data-start=\"4514\" data-end=\"4539\">\n<p>Initial Access Brokers;<\/p>\n<\/li>\n<li data-section-id=\"1bvzp3j\" data-start=\"4540\" data-end=\"4564\">\n<p>Phishing-as-a-Service.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"4566\" data-end=\"4782\">According to researchers cited by <span class=\"\" data-state=\"closed\">TechRepublic<\/span>, Kali365 represents a new generation of platforms highly specialized in digital identity.<\/p>\n<p data-start=\"4566\" data-end=\"4782\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"17clj20\" 
data-start=\"4789\" data-end=\"4830\"><strong>The business structure of digital crime<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4832\" data-end=\"4935\">Investigations by Arctic Wolf indicate that Kali365 operates much like a traditional company.<\/p>\n<p style=\"text-align: justify;\" data-start=\"4937\" data-end=\"4956\">The structure includes:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4958\" data-end=\"5087\">\n<li data-section-id=\"1iukmxv\" data-start=\"4958\" data-end=\"4976\">\n<p>Developers;<\/p>\n<\/li>\n<li data-section-id=\"1daiz7y\" data-start=\"4977\" data-end=\"4995\">\n<p>Administrators;<\/p>\n<\/li>\n<li data-section-id=\"1nlss47\" data-start=\"4996\" data-end=\"5011\">\n<p>Resellers;<\/p>\n<\/li>\n<li data-section-id=\"5mief5\" data-start=\"5012\" data-end=\"5024\">\n<p>Affiliates;<\/p>\n<\/li>\n<li data-section-id=\"1eps0a6\" data-start=\"5025\" data-end=\"5087\">\n<p>Operational support.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"5089\" data-end=\"5169\">This model increases the scale of the attacks and speeds up the spread of campaigns.<\/p>\n<p data-start=\"5089\" data-end=\"5169\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1vwv7s8\" data-start=\"5176\" data-end=\"5207\"><strong>The role of social engineering<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5209\" data-end=\"5286\">Despite the technical sophistication, the human element remains fundamental.<\/p>\n<p style=\"text-align: justify;\" data-start=\"5288\" data-end=\"5330\">The attacks use messages that imitate:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"5332\" data-end=\"5471\">\n<li data-section-id=\"1e34auh\" data-start=\"5332\" data-end=\"5356\">\n<p>Corporate invitations;<\/p>\n<\/li>\n<li data-section-id=\"sp8352\" data-start=\"5357\" data-end=\"5390\">\n<p>Document sharing;<\/p>\n<\/li>\n<li 
data-section-id=\"qprmu1\" data-start=\"5391\" data-end=\"5417\">\n<p>Meeting requests;<\/p>\n<\/li>\n<li data-section-id=\"11z5ybc\" data-start=\"5418\" data-end=\"5446\">\n<p>Security notifications;<\/p>\n<\/li>\n<li data-section-id=\"1rndclw\" data-start=\"5447\" data-end=\"5471\">\n<p>Urgent updates.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"5473\" data-end=\"5639\">The goal is to convince the victim to enter the code without realizing that they are authorizing a device controlled by the criminal.<\/p>\n<p data-start=\"5473\" data-end=\"5639\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"dbzwp0\" data-start=\"5646\" data-end=\"5670\"><strong>Impact on companies<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5672\" data-end=\"5718\">A compromised account can provide access to:<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1pazj8k\" data-start=\"5720\" data-end=\"5747\">Corporate communication<\/p>\n<p style=\"text-align: justify;\" data-start=\"5748\" data-end=\"5813\">Internal e-mails can be monitored and used for fraud.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1o1oan7\" data-start=\"5815\" data-end=\"5843\">Strategic documentation<\/p>\n<p style=\"text-align: justify;\" data-start=\"5844\" data-end=\"5895\">Files stored in the cloud become accessible.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"87wvff\" data-start=\"5897\" data-end=\"5920\">Integrated systems<\/p>\n<p style=\"text-align: justify;\" data-start=\"5921\" data-end=\"5986\">Applications connected through Single Sign-On can be compromised.<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"ntxy8w\" data-start=\"5988\" data-end=\"6012\">Lateral movement<\/p>\n<p style=\"text-align: justify;\" data-start=\"6013\" data-end=\"6124\">The attacker 
uses the account to expand access within the organization.<\/p>\n<p data-start=\"6013\" data-end=\"6124\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1ap2qvk\" data-start=\"6131\" data-end=\"6172\"><strong>Persistence and difficulty of detection<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"6174\" data-end=\"6236\">One of the biggest challenges is that the access obtained looks legitimate.<\/p>\n<p style=\"text-align: justify;\" data-start=\"6238\" data-end=\"6254\">The logs show:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"6256\" data-end=\"6327\">\n<li data-section-id=\"m1cr97\" data-start=\"6256\" data-end=\"6278\">\n<p>Valid authentication;<\/p>\n<\/li>\n<li data-section-id=\"tte3e1\" data-start=\"6279\" data-end=\"6295\">\n<p>MFA completed;<\/p>\n<\/li>\n<li data-section-id=\"1ot2u8x\" data-start=\"6296\" data-end=\"6327\">\n<p>Tokens issued correctly.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"6329\" data-end=\"6428\">This makes it hard to identify the compromise immediately.<\/p>\n<p data-start=\"6329\" data-end=\"6428\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1umjw0z\" data-start=\"6435\" data-end=\"6453\"><strong>The FBI alert<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"6455\" data-end=\"6584\">The FBI recommended that organizations urgently review policies related to the device code authentication flow.<\/p>\n<p style=\"text-align: justify;\" data-start=\"6586\" data-end=\"6619\">The suggested measures include:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"6621\" data-end=\"6834\">\n<li data-section-id=\"hdziod\" data-start=\"6621\" data-end=\"6651\">\n<p>Restrict Device Code Flow;<\/p>\n<\/li>\n<li data-section-id=\"1aop6dx\" data-start=\"6652\" data-end=\"6685\">\n<p>Implement Conditional 
Access;<\/p>\n<\/li>\n<li data-section-id=\"hardj4\" data-start=\"6686\" data-end=\"6723\">\n<p>Monitor OAuth token issuance;<\/p>\n<\/li>\n<li data-section-id=\"1s3xpxe\" data-start=\"6724\" data-end=\"6759\">\n<p>Review registered devices;<\/p>\n<\/li>\n<li data-section-id=\"n1l18a\" data-start=\"6760\" data-end=\"6834\">\n<p>Audit suspicious authentications.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"w2r3wg\" data-start=\"6841\" data-end=\"6887\"><strong>The future of identity-based attacks<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"6889\" data-end=\"6953\">Kali365 highlights an important change in digital security.<\/p>\n<p style=\"text-align: justify;\" data-start=\"6955\" data-end=\"6994\">Historically, criminals sought to:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"6996\" data-end=\"7061\">\n<li data-section-id=\"8slia0\" data-start=\"6996\" data-end=\"7012\">\n<p>Steal passwords;<\/p>\n<\/li>\n<li data-section-id=\"1kdsyb6\" data-start=\"7013\" data-end=\"7041\">\n<p>Exploit vulnerabilities;<\/p>\n<\/li>\n<li data-section-id=\"1clyo2h\" data-start=\"7042\" data-end=\"7061\">\n<p>Install malware.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"7063\" data-end=\"7096\">Now the focus is shifting to:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"7098\" data-end=\"7238\">\n<li data-section-id=\"vzglgl\" data-start=\"7098\" data-end=\"7123\">\n<p>Authentication tokens;<\/p>\n<\/li>\n<li data-section-id=\"681j8i\" data-start=\"7124\" data-end=\"7142\">\n<p>Valid sessions;<\/p>\n<\/li>\n<li data-section-id=\"e3eqqb\" data-start=\"7143\" data-end=\"7166\">\n<p>Digital identities;<\/p>\n<\/li>\n<li data-section-id=\"65nimg\" data-start=\"7167\" data-end=\"7238\">\n<p>Trust infrastructures.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"7240\" 
data-end=\"7327\">This shift follows the growing adoption of cloud environments and federated authentication.<\/p>\n<p data-start=\"7240\" data-end=\"7327\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"11j7z6r\" data-start=\"7334\" data-end=\"7362\"><strong>Protection best practices<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"7364\" data-end=\"7389\">Experts recommend:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"7391\" data-end=\"7689\">\n<li data-section-id=\"h9qaf4\" data-start=\"7391\" data-end=\"7449\">\n<p>Restrict Device Code authentication where possible;<\/p>\n<\/li>\n<li data-section-id=\"18jg5j1\" data-start=\"7450\" data-end=\"7496\">\n<p>Implement conditional access policies;<\/p>\n<\/li>\n<li data-section-id=\"v5gisb\" data-start=\"7497\" data-end=\"7523\">\n<p>Monitor OAuth events;<\/p>\n<\/li>\n<li data-section-id=\"wal9uj\" data-start=\"7524\" data-end=\"7568\">\n<p>Train users against social engineering;<\/p>\n<\/li>\n<li data-section-id=\"5on24b\" data-start=\"7569\" data-end=\"7607\">\n<p>Regularly review active sessions;<\/p>\n<\/li>\n<li data-section-id=\"d81ew7\" data-start=\"7608\" data-end=\"7689\">\n<p>Revoke suspicious tokens immediately.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"h85oci\" data-start=\"7696\" data-end=\"7708\"><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"7710\" data-end=\"8032\">Kali365 represents a significant evolution of the modern phishing ecosystem. 
By exploiting Microsoft's legitimate authentication mechanisms instead of directly attacking passwords or MFA codes, the platform shows how criminals are adapting their strategies to get around traditional layers of defense.<\/p>\n<p style=\"text-align: justify;\" data-start=\"8034\" data-end=\"8423\">More than an isolated tool, Kali365 symbolizes the professionalization of cybercrime and the growth of criminal models based on specialized services. The episode reinforces that security today cannot rely on multi-factor authentication alone, because protecting digital identities requires continuous monitoring of tokens, sessions, devices and anomalous behavior.<\/p>\n<p style=\"text-align: justify;\" data-start=\"8425\" data-end=\"8627\">As corporate environments increasingly migrate to cloud platforms, identity-focused attacks tend to become one of the main threats of the next generation of offensive operations.<\/p>\n<p data-start=\"8425\" data-end=\"8627\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1bfeuhi\" data-start=\"8634\" data-end=\"8663\"><strong>References<\/strong><\/p>\n<ul data-start=\"8665\" data-end=\"8752\">\n<li data-section-id=\"2ln6kn\" data-start=\"8665\" data-end=\"8709\"><span class=\"\" data-state=\"closed\"><a class=\"decorated-link\" href=\"https:\/\/www.tecmundo.com.br\/seguranca\/413399-kali365-o-servico-de-golpes-criado-para-roubar-contas-microsoft.htm?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">TecMundo \u2013 Kali365, o servi\u00e7o de golpes criado para roubar contas Microsoft<\/a><\/span><\/li>\n<li data-section-id=\"1je6gkk\" data-start=\"8710\" data-end=\"8752\"><span class=\"\" data-state=\"closed\"><a class=\"decorated-link\" 
href=\"https:\/\/www.malwarebytes.com\/blog\/scams\/2026\/05\/kali365-phishing-kit-bypasses-mfa-and-steals-microsoft-logins?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">Malwarebytes \u2013 Kali365 phishing kit bypasses MFA and steals Microsoft logins<\/a><\/span><\/li>\n<\/ul>\n<p data-start=\"8754\" data-end=\"8793\">\u00a0<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"z-0 flex min-h-[46px] justify-start\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Kali365: The new phishing ecosystem that is turning Microsoft account theft into a professional service The evolution of modern cybercrime is increasingly tied to the industrialization of digital attacks. Tools that once required advanced technical knowledge are now offered as complete services, allowing criminals with little experience to run sophisticated operations 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":24275,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-24274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=24274"}],"version-history":[{"count":2,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24274\/revisions"}],"predecessor-version":[{"id":24286,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24274\/revisions\/24286"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/24275"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=24274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=24274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=24274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}