Cybercriminals are increasingly using Browser-in-the-Browser (BitB) and other advanced techniques to enhance phishing attacks, especially targeting services like Microsoft accounts. These innovations showcase the ongoing evolution of phishing Tactics and phishing-as-a-Service ecosystems. #BitB #Sneaky2FA
Keypoints
- Threat actors are incorporating Browser-in-the-Browser techniques into phishing kits like Sneaky 2FA to improve deception.
- Attackers use bot protection measures such as Cloudflare Turnstile and CAPTCHA to filter targets and avoid detection.
- Sneaky 2FA employs obfuscation and domain rotation to evade analysis and prolong its operational lifespan.
- New attack methods involve manipulating passkey registration using malicious browser extensions and JavaScript injections.
- Organizations are advised to implement conditional access policies to mitigate account takeover risks due to these advanced threats.
Read More: https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html