Sneaky2FA has enhanced its phishing toolkit with browser-in-the-browser (BitB) capabilities, making attacks more convincing for stealing Microsoft credentials. This evolution in cyberattack techniques increases the effectiveness of phishing attacks on Microsoft 365 accounts, thanks to sophisticated deception tactics. #Sneaky2FA #BitB
Keypoints
- Sneaky2FA is a popular phishing-as-a-service (PhaaS) platform targeting Microsoft 365 accounts.
- The platform now includes BitB, a fake browser window designed to mimic legitimate login prompts.
- BitB enhances the realism of phishing attacks by dynamically adjusting to the victimβs OS and browser.
- Attackers can steal credentials and session tokens even with active two-factor authentication enabled.
- Advanced evasion techniques are used to make phishing sites difficult to detect and distinguish from legitimate services.