Mamba 2FA: A new contender in the AiTM phishing ecosystem
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Mamba 2FA is a newly discovered adversary-in-the-middle (AiTM) phishing kit sold as phishing-as-a-service (PhaaS). Its capabilities are similar to those of other popular AiTM phishing services: it handles two-step verification for non-phishing-resistant MFA methods, supports various authentication systems, and dynamically reflects the target organization's branding. The kit uses a two-layer infrastructure consisting of link domains and relay servers, and it communicates over the Socket.IO protocol. Mamba 2FA has been active since at least November 2023 and is commercialized through Telegram. The phishing pages mimic Microsoft 365 services and use sophisticated techniques to evade detection, including HTML attachments with obfuscated content.
OPENCTI LABELS :
phishing,microsoft 365,phaas,evasion techniques,aitm,socket.io,multi-factor authentication,mamba 2fa