Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft 365 accounts targeted by dangerous new phishing scam

Shadowed hands on a digital background reaching for a login prompt.

Security experts have warned of a new phishing-as-a-service (PhaaS) platform that’s emerging as a serious threat, thanks to its advanced features, obfuscation techniques, and competitive pricing.

Security researchers from Sekoia have revealed more on Mamba 2FA, which has been on the market since at least November 2023.

Crooks are mostly using it to target people’s Microsoft 365 accounts, both private and corporate, and it costs $250 a month which, they say, is a rather competitive price, drawing much interest from the cybercriminal community.

Adversary in the middle

Over the last couple of months, the platform was upgraded and enhanced multiple times, and now masks the IP addresses of relay servers on authentication logs, and rotates link domains used in phishing URLs, to avoid blacklisting.

Crooks that purchase the service can create convincing Microsoft 365 login pages, which even allow for the capture of the victim’s authentication tokens, multi-factor authentication (MFA) codes, and similar advanced protections.

All of this has made Mamba 2FA a formidable foe. Sekoia’s researchers said that during the observation period, they saw the PhaaS in action multiple times, suggesting a widespread threat.

Phishing continues to be the number one attack vector around the world. Its omnipresence, low cost, and the ease at which addresses can be found, make email the go-to avenue to steal sensitive data, or deploy malware. In recent years, companies started demanding their employees use multi-factor authentication to provide an extra layer of security and make sure passwords stolen via phishing cannot be abused.

Criminals have responded by creating adversary-in-the-middle (AiTM) solutions, as is Mamba 2FA, which can even trick the victim into sharing MFA codes with the attackers, as well. In some instances, the criminals will allow the victim to log into the legitimate service simultaneously, increasing the perceived legitimacy and reducing the chances of being spotted.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.