Microsoft 365 accounts targeted by dangerous new phishing scam

Mamba 2FA is cheap, well-built, and increasingly popular among scammers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Security experts have warned of a new phishing-as-a-service (PhaaS) platform that’s emerging as a serious threat, thanks to its advanced features, obfuscation techniques, and competitive pricing.

Security researchers from Sekoia have revealed more on Mamba 2FA, which has been on the market since at least November 2023.

Crooks are mostly using it to target people’sMicrosoft365 accounts, both private and corporate, and it costs $250 a month which, they say, is a rather competitive price, drawing much interest from the cybercriminal community.

Adversary in the middle

Over the last couple of months, the platform was upgraded and enhanced multiple times, and now masks the IP addresses of relay servers on authentication logs, and rotates link domains used in phishing URLs, to avoid blacklisting.

Crooks that purchase the service can create convincing Microsoft 365 login pages, which even allow for the capture of the victim’s authentication tokens, multi-factor authentication (MFA) codes, and similar advanced protections.

All of this has made Mamba 2FA a formidable foe. Sekoia’s researchers said that during the observation period, they saw the PhaaS in action multiple times, suggesting a widespread threat.

Phishing continues to be the number one attack vector around the world. Its omnipresence, low cost, and the ease at which addresses can be found, make email the go-to avenue to steal sensitive data, or deploymalware. In recent years, companies started demanding their employees use multi-factor authentication to provide an extra layer of security and make sure passwords stolen via phishing cannot be abused.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Criminals have responded by creating adversary-in-the-middle (AiTM) solutions, as is Mamba 2FA, which can even trick the victim into sharing MFA codes with the attackers, as well. In some instances, the criminals will allow the victim to log into the legitimate service simultaneously, increasing the perceived legitimacy and reducing the chances of being spotted.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

Xbox Series S 1TB review: the best option for console buyers on a budget