Microsoft 365 accounts targeted by dangerous new phishing scam

[Image: shadowed hands on a digital background reaching for a login prompt. Image credit: Shutterstock]

Security experts have warned of a new phishing-as-a-service (PhaaS) platform that’s emerging as a serious threat, thanks to its advanced features, obfuscation techniques, and competitive pricing.

Security researchers from Sekoia have revealed more on Mamba 2FA, which has been on the market since at least November 2023.

Crooks are mostly using it to target people’s Microsoft 365 accounts, both private and corporate. It costs $250 a month, which, the researchers say, is a rather competitive price and has drawn much interest from the cybercriminal community.

Adversary in the middle

Over the last couple of months, the platform was upgraded and enhanced multiple times: it now masks the IP addresses of its relay servers in authentication logs, and rotates the link domains used in phishing URLs to avoid blacklisting.

Crooks that purchase the service can create convincing Microsoft 365 login pages, which can capture the victim’s authentication tokens and multi-factor authentication (MFA) codes, sidestepping those and similar advanced protections.

All of this has made Mamba 2FA a formidable foe. Sekoia’s researchers said that during the observation period, they saw the PhaaS in action multiple times, suggesting a widespread threat.

Phishing continues to be the number one attack vector around the world. Its omnipresence, low cost, and the ease with which email addresses can be found make email the go-to avenue for stealing sensitive data or deploying malware. In recent years, companies have started requiring their employees to use multi-factor authentication to provide an extra layer of security and make sure passwords stolen via phishing cannot be abused.

Criminals have responded by creating adversary-in-the-middle (AiTM) solutions such as Mamba 2FA, which can also trick the victim into handing their MFA codes to the attackers. In some instances, the criminals will allow the victim to log into the legitimate service simultaneously, increasing the perceived legitimacy of the page and reducing the chances of being spotted.
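The AiTM flow described above leaves a trace a defender can look for: the victim completes MFA from their own IP address, and the session token the proxy captured is then used from somewhere else shortly afterwards. The following is an added illustration of that detection logic, not code from Sekoia or from the article, run over a handful of constructed sign-in events; the event keys (user, session_id, ip, mfa, ts) and the one-hour replay window are assumptions for the example and are not the real Microsoft 365 or Entra ID sign-in log schema.

```python
"""Toy detector for adversary-in-the-middle (AiTM) session token replay.

Added example, not code from Sekoia or from the article. Assumptions
(not from the article): sign-in events are dicts with the keys
user, session_id, ip, mfa (bool) and ts (Unix seconds); the real
Microsoft 365 / Entra ID sign-in log schema is richer and differs.

Pattern flagged: an interactive sign-in that completed MFA from one IP,
followed within a short window by the same session being used from a
different IP. That is what a relayed session token looks like after an
AiTM proxy has forwarded the victim's password and MFA code and then
reused the resulting token itself.
"""
from collections import defaultdict

REPLAY_WINDOW_SECONDS = 3600  # assumption: reuse within an hour is suspicious

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "session_id": "s-1001", "ip": "203.0.113.10", "mfa": True,  "ts": 1000},
    # Same IP as the MFA sign-in: benign continuation of the session.
    {"user": "alice@example.com", "session_id": "s-1001", "ip": "203.0.113.10", "mfa": False, "ts": 1300},
    {"user": "bob@example.com",   "session_id": "s-2002", "ip": "198.51.100.7", "mfa": True,  "ts": 2000},
    # Different IP four minutes after MFA: the replay pattern we want to flag.
    {"user": "bob@example.com",   "session_id": "s-2002", "ip": "192.0.2.99",   "mfa": False, "ts": 2240},
    {"user": "carol@example.com", "session_id": "s-3003", "ip": "198.51.100.8", "mfa": True,  "ts": 3000},
    # Different IP, but two hours later: outside the window, not flagged here.
    {"user": "carol@example.com", "session_id": "s-3003", "ip": "198.51.100.9", "mfa": False, "ts": 3000 + 7200},
]


def find_session_replays(events, window=REPLAY_WINDOW_SECONDS):
    """Return a list of (user, session_id, issuing_ip, reuse_ip, delta_seconds).

    The first MFA-completed event for a session is treated as the point
    where the session token was issued; any later use of the same session
    from another IP within `window` seconds is reported.
    """
    by_session = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        by_session[event["session_id"]].append(event)

    findings = []
    for session_id, session_events in by_session.items():
        issue = next((e for e in session_events if e["mfa"]), None)
        if issue is None:
            continue  # no MFA sign-in seen for this session; nothing to anchor on
        for event in session_events:
            if event["ts"] <= issue["ts"]:
                continue
            delta = event["ts"] - issue["ts"]
            if event["ip"] != issue["ip"] and delta <= window:
                findings.append((event["user"], session_id, issue["ip"], event["ip"], delta))
    return findings


if __name__ == "__main__":
    for user, sid, issued_from, reused_from, delta in find_session_replays(SAMPLE_EVENTS):
        print(f"possible AiTM replay: {user} session {sid} issued to {issued_from}, "
              f"reused from {reused_from} after {delta}s")
```

A heuristic like this is one signal, not a verdict: mobile carriers and VPNs change a user's IP legitimately, and the article notes the kit already masks its relay servers' IP addresses in authentication logs, so the reuse IP may not look obviously hostile. In practice it is combined with ASN or geolocation context and, more importantly, with phishing-resistant MFA (FIDO2/passkeys bound to the real site's origin), which an AiTM proxy cannot relay.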

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
