👾 #Mamba2FA #phishing kit lets attackers bypass MFA and access victims’ Microsoft 365 accounts.

Used against individuals and businesses, it is gaining popularity, with campaigns seen in Europe, North America, and parts of Asia.

🎯 See analysis: https://any.run/malware-trends/mamba/?utm_source=mastodon&utm_medium=post&utm_campaign=mamba&utm_content=tracker&utm_term=140725

#infosec #cybersecurity

Global analysis of Adversary-in-the-Middle phishing threats

Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.

Sekoia.io Blog
25gray3cook[.]com #Mamba2FA

New Mamba 2FA relay domain:
25black1cook[.]com

#Mamba2FA #AiTM #PhaaS #phishing

Here's part 1 of 2 describing how PhaaS use anti-bot services to help filter out security services and analysts. This part covers how #Mamba2FA uses #Adspect.

https://rmceoin.github.io/malware-analysis/2024/12/21/antibot1.html

#threatintel

Anti-bot services used by PhaaS - Part 1

Phishing-as-a-Service (PhaaS) kits will frequently employ one or more techniques to avoid detection by security software. Often they will use a captcha like Cloudflare Turnstile, Google reCAPTCHA, or even their own captcha. Another one of the methods used is to leverage another service called an anti-bot service. These paid services offload the work required to differentiate between potential victims and malware security scanning. The PhaaS operator may advertise their anti-bot capabilities as part of their services, which is actually their use of these separate services.

Malware Analysis

🔎 Tracking down #phishing threats can be a challenge

That's why we asked expert researcher Jane_0sint to share her tricks of the trade with us

See her use cases for investigating #Mamba2FA, APT-C-36, and other threats ⬇️
https://any.run/cybersecurity-blog/investigating-phishing-threats?utm_source=mastodon&utm_medium=post&utm_campaign=investigating_phish&utm_content=linktoblog&utm_term=261124

Investigating Phishing Threats: Use Cases from an Expert

Discover real-world cases of using TI Lookup to find and collect intel on phishing kits like Mamba2FA and Tycoon2FA and other cyber threats.

ANY.RUN's Cybersecurity Blog
Analysis of the Phishing Campaign: Behind the Incident
#Mamba2FA
https://any.run/cybersecurity-blog/analysis-of-the-phishing-campaign/
Analysis of the Phishing Campaign: Behind the Incident - ANY.RUN's Cybersecurity Blog

See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. 

ANY.RUN's Cybersecurity Blog
Mamba 2FA: A new contender in the AiTM phishing ecosystem

Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit sold as phishing-as-a-service (PhaaS).

Sekoia.io Blog
🚨 Discover #Mamba2FA, a previously unknown adversary-in-the-middle (AiTM) #phishing kit, sold as phishing-as-a-service (PhaaS) ⚠️
https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/