RandyDec 23, 2024

Here's part 1 of 2 describing how PhaaS use anti-bot services to help filter out security services and analysts. This part covers how #Mamba2FA uses #Adspect.

https://rmceoin.github.io/malware-analysis/2024/12/21/antibot1.html

#threatintel

Anti-bot services used by PhaaS - Part 1

Phishing-as-a-Service (PhaaS) kits will frequently employ one or more techniques to avoid detection by security software. Often they will use a captcha like Cloudflare Turnstile, Google reCAPTCHA, or even their own captcha. Another one of the methods used is to leverage another service called an anti-bot service. These paid services offload the work required to differenciate between potential victims and malware security scanning. The PhaaS operator may advertise their anti-bot capabilities as part of their services, which is actually their use of these separate services.

Malware Analysis
gregclermontDec 21, 2024
Great post by @rmceoin about #Adspect, the shady anti-bot service used by #Mamba2FA
https://rmceoin.github.io/malware-analysis/2024/12/21/antibot1.html
Anti-bot services used by PhaaS - Part 1

Phishing-as-a-Service (PhaaS) kits will frequently employ one or more techniques to avoid detection by security software. Often they will use a captcha like Cloudflare Turnstile, Google reCAPTCHA, or even their own captcha. Another one of the methods used is to leverage another service called an anti-bot service. These paid services offload the work required to differenciate between potential victims and malware security scanning. The PhaaS operator may advertise their anti-bot capabilities as part of their services, which is actually their use of these separate services.

Malware Analysis