Security experts have warned of a new phishing-as-a-service (PhaaS) platform that is emerging as a serious threat, thanks to its advanced features, obfuscation techniques and competitive pricing.
Security researchers at Sekoia have revealed more about Mamba 2FA, which has been on the market since at least November 2023.
Scammers mainly use it to target people’s Microsoft 365 accounts, both personal and business, and it costs $250 per month, which they say is quite a competitive price, attracting a lot of interest from the cybercriminal community.
Opponent in the middle
In recent months, the platform has been upgraded and improved several times, and now masks the IP addresses of relay servers in authentication logs, and rotates link domains used in phishing URLs, to prevent blacklisting.
Scammers who purchase the service can create convincing Microsoft 365 login pages, which can even capture the victim’s authentication tokens, MFA (multi-factor authentication) codes, and similar advanced protections.
All this has made Mamba 2FA a formidable enemy. The Sekoia researchers said they saw the PhaaS in action several times during the observation period, indicating a widespread threat.
Phishing is still the world’s leading attack vector. Thanks to its ubiquity, low cost, and ease of address discovery, email is the go-to way to steal sensitive data or deploy malware. In recent years, companies have started requiring their employees to use multi-factor authentication to provide an extra layer of security and ensure that passwords stolen through phishing cannot be misused.
Criminals have responded by creating Adversary-in-the-Middle (AiTM) solutions, much like Mamba 2FA, that can even trick the victim into sharing MFA codes with the attackers. In some cases, the criminals will allow the victim to log into the legitimate service at the same time, increasing perceived legitimacy and reducing the likelihood of being noticed.
Via BleepingComputer