👾 #Mamba2FA #phishing kit lets attackers bypass MFA and access victims’ Microsoft 365 accounts.
Used against individuals and businesses, it is gaining popularity, with campaigns seen in Europe, North America, and parts of Asia.
🎯 See analysis: https://any.run/malware-trends/mamba/?utm_source=mastodon&utm_medium=post&utm_campaign=mamba&utm_content=tracker&utm_term=140725
Global analysis of Adversary-in-the-Middle phishing threats
#EvilProxy #Storm_1167 #DadsecOTT #Rockstar2FA #Mamba2FA #Tycoon2FA #NakedPages #CEPHAS
https://blog.sekoia.io/global-analysis-of-adversary-in-the-middle-phishing-threats/
25gray3cook[.]com #Mamba2FA
Here's part 1 of 2 describing how PhaaS use anti-bot services to help filter out security services and analysts. This part covers how #Mamba2FA uses #Adspect.
https://rmceoin.github.io/malware-analysis/2024/12/21/antibot1.html
Great post by @rmceoin about #Adspect, the shady anti-bot service used by #Mamba2FA
https://rmceoin.github.io/malware-analysis/2024/12/21/antibot1.html
🔎 Tracking down #phishing threats can be a challenge
That's why we asked expert researcher Jane_0sint to share her tricks of the trade with us
See her use cases for investigating #Mamba2FA, APT-C-36, and other threats ⬇️
https://any.run/cybersecurity-blog/investigating-phishing-threats?utm_source=mastodon&utm_medium=post&utm_campaign=investigating_phish&utm_content=linktoblog&utm_term=261124
Analysis of the Phishing Campaign: Behind the Incident
#Mamba2FA
https://any.run/cybersecurity-blog/analysis-of-the-phishing-campaign/
Mamba 2FA: A new contender in the AiTM phishing ecosystem
#Mamba2FA
https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/
🚨 Discover #Mamba2FA, a previously unknown adversary-in-the-middle (AiTM) #phishing kit, sold as phishing-as-a-service (PhaaS) ⚠️
https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/
