Tuesday, 29 April 2025

Microsoft 365 users targeted by an advanced new phishing scam

A new phishing scam, Mamba 2FA, targets Microsoft 365 accounts, bypassing multi-factor authentication with advanced features at a low cost of US$250.

A dangerous new phishing scam has emerged, primarily targeting Microsoft 365 users. Known as Mamba 2FA, this phishing-as-a-service (PhaaS) platform has caught the attention of cybercriminals due to its advanced features, security evasion techniques, and relatively low cost.

According to reports from cybersecurity researchers at Sekoia, Mamba 2FA has been around since November 2023. The service costs US$250 per month, making it affordable for criminals looking to exploit both personal and corporate Microsoft 365 accounts.

How criminals are using Mamba 2FA

The Mamba 2FA platform offers a range of features that make it particularly effective. For example, it enables attackers to create convincing fake Microsoft 365 login pages, tricking users into entering their credentials. Even more worryingly, these counterfeit pages can capture sensitive information like authentication tokens and multi-factor authentication (MFA) codes. This makes Mamba 2FA capable of bypassing one of the most common security measures companies use to protect their accounts.

In recent months, Mamba 2FA has undergone several upgrades. One of its most alarming improvements is its ability to hide the IP addresses of relay servers in authentication logs. This makes it more difficult for businesses to detect unusual login attempts. Additionally, Mamba 2FA rotates the domain names used in phishing URLs to avoid being blacklisted by security systems.

Cybercriminals who use the service can collect a wide range of security information from victims, which they can then use to take control of their accounts. Sekoia’s researchers observed multiple instances of Mamba 2FA in action, highlighting the growing popularity of this platform among hackers.

Phishing remains a top threat

Phishing continues to be one of the most widespread and effective methods cybercriminals use to steal sensitive data or deploy malware. Its low cost and the ease with which email addresses can be obtained make phishing a persistent threat to individuals and businesses.

To combat this, many organisations now require their employees to use multi-factor authentication, hoping it will provide an additional layer of security and prevent attackers from using stolen passwords. Unfortunately, criminals have adapted. The rise of adversary-in-the-middle (AiTM) techniques like those used in Mamba 2FA means that even MFA codes can now be intercepted by hackers.

One of the tricks used by Mamba 2FA is to allow the victim to log into the legitimate service while their data is being stolen. This tactic increases the credibility of the phishing attempt and reduces the chances that users will realise something is wrong, leaving them even more vulnerable.

Staying safe in a phishing-filled world

The growing sophistication of phishing scams like Mamba 2FA highlights the importance of remaining vigilant online. While multi-factor authentication remains an important tool in the fight against cybercrime, it’s no longer enough. Businesses and individuals alike must be aware of the latest phishing tactics and ensure comprehensive security measures are in place.

Regular employee training, advanced email filtering systems, and monitoring for unusual login attempts are some steps that can help reduce the risk of falling victim to these attacks. The battle against phishing is far from over, and as criminals develop new tools, cybersecurity efforts must continue to evolve.
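
One way to approach the login monitoring mentioned above, as an added example that is not from the original article or from Sekoia: since a relay's IP address may not stand out at sign-in, this Python code correlates on the session identifier and flags a session that is used from a different network and a different client shortly after sign-in. The event fields, the sample data and the one-hour window are constructed assumptions, not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"ts": "2025-04-29T08:00:05", "user": "alice@example.com", "session": "s-100",
     "asn": 64496, "ua": "Edge/124 Windows", "op": "signin"},
    {"ts": "2025-04-29T08:03:40", "user": "alice@example.com", "session": "s-100",
     "asn": 64499, "ua": "python-client/1.0", "op": "mail_read"},
    {"ts": "2025-04-29T08:10:00", "user": "bob@example.com", "session": "s-200",
     "asn": 64497, "ua": "Chrome/124 macOS", "op": "signin"},
    {"ts": "2025-04-29T08:20:00", "user": "bob@example.com", "session": "s-200",
     "asn": 64497, "ua": "Chrome/124 macOS", "op": "file_access"},
    {"ts": "2025-04-29T08:30:00", "user": "carol@example.com", "session": "s-300",
     "asn": 64498, "ua": "Safari/17 iOS", "op": "signin"},
    {"ts": "2025-04-29T13:00:00", "user": "carol@example.com", "session": "s-300",
     "asn": 64499, "ua": "Safari/17 iOS", "op": "mail_read"},
]

def find_session_reuse(events, window=timedelta(hours=1)):
    """Flag sessions reused from a different network AND client soon after sign-in."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    findings = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["ts"]))
        first = evs[0]
        start = datetime.fromisoformat(first["ts"])
        for e in evs[1:]:
            if datetime.fromisoformat(e["ts"]) - start > window:
                break  # later roaming is common and less tied to the sign-in
            if e["asn"] != first["asn"] and e["ua"] != first["ua"]:
                findings.append({"user": e["user"], "session": sid,
                                 "first_asn": first["asn"], "reuse_asn": e["asn"],
                                 "reuse_ua": e["ua"], "at": e["ts"]})
                break  # one finding per session is enough for triage
    return findings

if __name__ == "__main__":
    for f in find_session_reuse(EVENTS):
        print(f)
```

Requiring both the network and the client to change keeps ordinary roaming, such as a phone moving between Wi-Fi and mobile data, from raising a finding.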
