2025-01-30 22:06:31 Pacfic
New Phishing Kit Bypasses Microsoft 365 2FA - 11d
A new sophisticated phishing kit, dubbed 'Sneaky 2FA,' is actively targeting Microsoft 365 accounts using an Adversary-in-the-Middle (AitM) technique. This kit, sold as phishing-as-a-service (PhaaS) by the cybercrime group 'Sneaky Log' through a Telegram bot, has been in operation since at least October 2024. The kit's primary method involves sending emails with fake payment receipts containing QR codes. These codes redirect victims to phishing pages that steal both login credentials and two-factor authentication codes, bypassing traditional security measures. The phishing pages are hosted on compromised websites, particularly WordPress sites, and have been observed to use blurred screenshots of legitimate Microsoft interfaces to trick users.
The Sneaky 2FA kit also employs several anti-analysis techniques to avoid detection. It filters traffic, uses Cloudflare Turnstile challenges, and performs checks to detect and resist analysis attempts using web browser developer tools. In an effort to not be detected, the kit redirects visitors from data centers, cloud providers, bots, proxies, or VPNs to a Wikipedia page. The kit's operators also use a central server to verify subscription licenses which are sold for $200 a month. Analysis of the kit's source code reveals overlaps with W3LL Panel OV6, another AitM phishing kit exposed in 2023, indicating a potentially larger and interconnected threat landscape targeting Microsoft 365 users.
ImgSrc: blogger.googleusercontent.com
References:
- blog.sekoia.io - A cybercrime service called "Sneaky Log" is selling a new new Adversary-in-the-Middle (AitM) phishing kit targeting Microsoft 365 accounts since at least October 2024. - 11d
- @screaminggoat - Sekoia : A cybercrime service called "Sneaky Log" is selling a new new Adversary-in-the-Middle (AitM) phishing kit targeting Microsoft 365 accounts since at least October 2024. - 11d
- The Hacker News - New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass - 11d
- securityonline.info - Sneaky 2FA: A New Adversary-in-the-Middle Phishing-as-a-Service Threat - 10d
- ciso2ciso.com - Telegram-Based “Sneaky 2FA� Phishing Kit Targets Microsoft 365 Accounts – Source:hackread.com - 8d
- CISO2CISO.COM & CYBER SECURITY GROUP - Telegram-Based “Sneaky 2FA� Phishing Kit Targets Microsoft 365 Accounts - 8d
- CyberInsider - New AiTM PhaaS Platform ‘Sneaky 2FA’ Targets Microsoft 365 Accounts - 8d
Classification:
- HashTags: 2FAPhishing Microsoft365 AitMPhishing
- Company: Multiple
- Target: Microsoft 365 Users
- Product: Microsoft 365
- Feature: 2FA Bypass
- Type: Hack
- Severity: Major