New Phishing Kit Targets Microsoft 365 Accounts
/ 1 min read
🕵️♂️ New Sneaky 2FA Phishing Kit Targets Microsoft 365 Accounts. Cybersecurity researchers have identified a new adversary-in-the-middle phishing kit named Sneaky 2FA, designed to steal Microsoft 365 credentials and two-factor authentication codes. Detected by Sekoia in December 2024, the kit is sold as phishing-as-a-service for $200 per month and has been linked to nearly 100 domains. It employs sophisticated tactics, including anti-bot measures and the use of blurred images mimicking legitimate Microsoft interfaces to deceive users. The kit requires a valid subscription for operation and has connections to previous phishing syndicates, indicating a potential evolution in phishing techniques. This development highlights the ongoing threat posed by advanced phishing strategies in the cybersecurity landscape.
