
Mamba 2FA: A new contender in the AiTM phishing ecosystem

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Mamba 2FA is a newly discovered adversary-in-the-middle (AiTM) phishing kit being sold as phishing-as-a-service (PhaaS). It features capabilities similar to other popular AiTM phishing services, including handling two-step verifications for non-phishing-resistant MFA methods, supporting various authentication systems, and dynamically reflecting organization branding. The kit uses a two-layer infrastructure consisting of link domains and relay servers, leveraging the Socket.IO protocol for communication. Mamba 2FA has been active since at least November 2023 and is commercialized through Telegram. The phishing pages mimic Microsoft 365 services and use sophisticated techniques to evade detection, including HTML attachments with obfuscated content.

OPENCTI LABELS:

phishing, microsoft 365, phaas, evasion techniques, aitm, socket.io, multi-factor authentication, mamba 2fa

