

Ethical Hacking News

New Phishing Kit Uncovered: Sneaky 2FA's Evolved Threat Landscape



A new phishing kit has been discovered that can bypass two-factor authentication (2FA) on Microsoft 365 accounts, posing a significant threat to users' security. Sneaky 2FA is sold as a phishing-as-a-service (PhaaS) offering and employs various anti-bot measures to evade detection. As individuals and organizations continue to rely on cloud-based services, it's essential to remain vigilant and take necessary precautions to protect against such threats.

  • The Sneaky 2FA phishing kit has been identified as a sophisticated phishing-as-a-service (PhaaS) being sold by the cybercrime service 'Sneaky Log'.
  • The kit sends payment receipt-related emails with malicious QR codes that redirect victims to its pages, using blurred images to deceive users into authenticating themselves.
  • Sneaky 2FA phishing pages have been found on nearly 100 domains, indicating moderate adoption by threat actors.
  • The kit can bypass two-factor authentication (2FA) on Microsoft 365 accounts, posing a significant threat to individuals and organizations using these services.
  • The discovery highlights the importance of collaboration among cybersecurity professionals in uncovering and sharing information about emerging threats.



    Cybersecurity researchers have made a groundbreaking discovery, unveiling a sophisticated phishing kit dubbed Sneaky 2FA. This nascent phishing kit has been identified in the wild as of December 2024 and is being sold as a phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log'. The PhaaS offers a licensed, obfuscated version of the source code, allowing customers to deploy it independently.


    The Sneaky 2FA phishing kit has been observed sending payment receipt-related emails with malicious QR codes that redirect victims to its pages. These pages are designed to automatically populate the victim's email address, elevating their legitimacy. The kit employs various anti-bot and anti-analysis measures, including traffic filtering, Cloudflare Turnstile challenges, and web browser developer tool detection.
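A defender-side check for the delivery pattern described above, as an added example that is not part of the original article: given links already decoded from QR codes in an inbound message, it flags those that carry the recipient's own address. That the address travels in the link (plain, percent-encoded or base64) is an assumption, since the article does not say how the pages are pre-filled; the function names and sample URLs are constructed.

```python
import base64
import re
from urllib.parse import unquote, urlsplit


def _decoded_views(url):
    """Yield the decoded forms in which a URL could carry an address."""
    parts = urlsplit(url)
    for raw in (parts.path, parts.query, parts.fragment):
        text = unquote(raw)  # handles %40 and similar escapes
        yield text
        for token in re.split(r"[/?&=#.,;:]", text):
            if len(token) < 8:
                continue
            # Accept standard and URL-safe base64, with or without padding.
            std = token.replace("-", "+").replace("_", "/")
            std += "=" * (-len(std) % 4)
            try:
                yield base64.b64decode(std, validate=True).decode("utf-8", "ignore")
            except ValueError:  # not base64 (binascii.Error is a ValueError)
                continue


def url_embeds_recipient(url, recipient):
    """True if the recipient's address appears in any decoded view of the URL."""
    needle = recipient.lower()
    return any(needle in view.lower() for view in _decoded_views(url))


def flag_qr_links(qr_urls, recipient):
    """Return the QR-derived links that are personalised to this recipient."""
    return [u for u in qr_urls if url_embeds_recipient(u, recipient)]


# Constructed sample data: links as they might come out of a QR decoder.
_B64 = base64.urlsafe_b64encode(b"alice@example.com").decode().rstrip("=")
SAMPLE_URLS = [
    "https://billing.example.net/receipt/4471",
    "https://docs.example.org/view?e=alice%40example.com",
    "https://portal.example.org/auth#" + _B64,
    "https://docs.example.org/view?e=bob%40example.com",
]

if __name__ == "__main__":
    for link in flag_qr_links(SAMPLE_URLS, "alice@example.com"):
        print("review:", link)
```

A hit is a signal for review rather than a verdict, since legitimate mailings also personalise links.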


    A notable aspect of the PhaaS is its use of blurred images as a background for fake Microsoft authentication pages. This tactic aims to deceive users into authenticating themselves to gain access to the blurred content. Sneaky 2FA phishing pages have been found on nearly 100 domains, indicating moderate adoption by threat actors.


    The Sneaky 2FA PhaaS is believed to be based on the W3LL Panel and AitM relay implementation, which were previously associated with known phishing kits such as Evilginx2 and Greatness. The kit also uses several anti-bot measures, including Cloudflare Turnstile challenges, to ensure that only victims who meet certain criteria are directed to the credential harvesting pages.


    The Sneaky 2FA PhaaS has raised concerns among cybersecurity experts due to its ability to bypass two-factor authentication (2FA) on Microsoft 365 accounts. This is a significant threat to individuals and organizations using these services.


    In light of this new phishing kit, it is essential for individuals and organizations to remain vigilant and take necessary precautions to protect themselves against such threats. This includes regular software updates, secure password management, and implementing robust security measures such as two-factor authentication.


    Furthermore, the Sneaky 2FA PhaaS highlights the importance of collaboration among cybersecurity professionals in uncovering and sharing information about emerging threats. The work of Sekoia researchers in detecting and analyzing this phishing kit demonstrates the value of open communication and knowledge-sharing within the cybersecurity community.


    In conclusion, the discovery of the Sneaky 2FA phishing kit serves as a stark reminder of the evolving threat landscape in the world of cybersecurity. As new threats emerge, it is crucial for individuals and organizations to stay informed and take proactive measures to protect themselves against such threats.




    Published: Fri Jan 17 05:55:08 2025 by llama3.2 3B Q4_K_M













         

