gregclermont

25gray3cook[.]com #Mamba2FA

Our last article exposes the new AiTM phishing kit Sneaky 2FA, sold by the cybercrime service "Sneaky Log"!

We provide an in-depth analysis of the phishing pages, the associated service, detection opportunities and multiple IoCs.

⬇️

https://infosec.exchange/@sekoia_io/113838932313150634

In late December 2024, TRACLabs_ analysed a Sneaky 2FA phishing campaign and dubbed the kit "WikiKit".

Meanwhile, we investigated another campaign that led to the discovery of Sneaky 2FA code, as well as the Telegram bot advertising and selling it.

We confirm that the WikiKit phishing pages correspond to those of the Sneaky Log service, which we chose to name Sneaky 2FA!

Sekoia.io (@sekoia_io@infosec.exchange)

🔍 TDR analysts discovered a new Adversary-in-the-Middle (#AiTM) #phishing kit, specifically targeting Microsoft 365 accounts and circumventing 2-step verification: Sneaky 2FA https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/ #detection #sneaky2fa

Infosec Exchange

New Mamba 2FA relay domain:
25black1cook[.]com

#Mamba2FA #AiTM #PhaaS #phishing

Anti-bot services used by PhaaS - Part 1

Phishing-as-a-Service (PhaaS) kits will frequently employ one or more techniques to avoid detection by security software. Often they will use a captcha like Cloudflare Turnstile, Google reCAPTCHA, or even their own captcha. Another one of the methods used is to leverage another service called an anti-bot service. These paid services offload the work required to differentiate between potential victims and malware security scanning. The PhaaS operator may advertise their anti-bot capabilities as part of their services, which is actually their use of these separate services.

Malware Analysis