Posted on 01/21/2025 8:22:25 AM PST by BenLurkin
Nearly 100 domains hosting Sneaky 2FA phishing pages have been identified as of this month, suggesting moderate adoption by threat actors.
"This kit is being sold as phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log,' which operates through a fully-featured bot on Telegram," the company said in an analysis. "Customers reportedly receive access to a licensed obfuscated version of the source code and deploy it independently."
Phishing campaigns have been observed sending payment receipt-related emails to entice recipients into opening bogus PDF documents containing a QR code that, upon scanning, redirects them to a Sneaky 2FA page.
Sekoia said the phishing pages are hosted on compromised infrastructure, mostly involving WordPress websites and other domains controlled by the attacker. The fake authentication pages are designed to automatically populate the victim's email address to elevate their legitimacy.
The kit also boasts of several anti-bot and anti-analysis measures, employing techniques like traffic filtering and Cloudflare Turnstile challenges to ensure that only victims who meet certain criteria are directed to the credential harvesting pages. It further runs a series of checks to detect and resist analysis attempts using web browser developer tools.
A notable aspect of the PhaaS is that site visitors whose IP address originates from a data center, cloud provider, bot, proxy, or VPN are directed to a Microsoft-related Wikipedia page using the href[.]li redirection service. This behavior has led TRAC Labs to give it the name WikiKit.
"The Sneaky 2FA phishing kit employs several blurred images as the background for its fake Microsoft authentication pages," Sekoia explained. "By using screenshots of legitimate Microsoft interfaces, this tactic is intended to deceive users into authenticating themselves to gain access to the blurred content."
(Excerpt) Read more at thehackernews.com ...
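A defender-side hunting sketch for the decoy redirect described in the excerpt, added here as an example and not taken from the article or from Sekoia: it flags the host a client visited just before being bounced through href[.]li to a Microsoft-related Wikipedia page. The `https://href.li/?<url>` form, the log layout, the 30-second window, and all hostnames are assumptions or constructed sample data.

```python
from urllib.parse import urlsplit, unquote

# Constructed proxy log lines: "<epoch> <client_ip> <url>". Hosts are placeholders.
SAMPLE_LOG = """\
1737475200 10.0.0.5 https://compromised-blog.example/wp-content/login/?x=1
1737475202 10.0.0.5 https://href.li/?https://en.wikipedia.org/wiki/Microsoft_Office
1737475300 10.0.0.9 https://intranet.example/home
1737475400 10.0.0.9 https://href.li/?https://forum.example/thread/42
1737475500 10.0.0.7 https://news.example/article
1737475900 10.0.0.7 https://href.li/?https://en.wikipedia.org/wiki/Microsoft_Windows
"""

WINDOW_SECONDS = 30  # assumed max gap between the filtered page and the decoy hop


def decoy_target(url):
    """Return the wrapped URL if this is an href.li hop to a Microsoft-related Wikipedia page."""
    parts = urlsplit(url)
    if parts.hostname != "href.li":
        return None
    target = unquote(parts.query)  # assumed form: https://href.li/?<destination>
    dest = urlsplit(target)
    host = dest.hostname or ""
    if host.endswith(".wikipedia.org") and "microsoft" in dest.path.lower():
        return target
    return None


def suspected_hosts(log_text, window=WINDOW_SECONDS):
    """List (client, previous_host, decoy_url) for each decoy hop seen within the window."""
    last_seen = {}  # client -> (timestamp, host) of its latest non-href.li request
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url = line.split(maxsplit=2)
        ts = int(ts)
        target = decoy_target(url)
        if target is not None:
            prev = last_seen.get(client)
            if prev and ts - prev[0] <= window:
                findings.append((client, prev[1], target))
            continue
        host = urlsplit(url).hostname
        if host != "href.li":
            last_seen[client] = (ts, host)
    return findings
```

Hosts surfaced this way are leads for review, since the decoy is only served to filtered visitors such as sandboxes or VPN egress points.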
I am so close to getting rid of Microsoft products. The engineering software I use is getting very close to being completely cloud based running on any browser. It’s not quite ready yet but after, easily, $100,000 in software subscriptions and more for hardware, being self-employed is enough for me. I am perfectly happy with my old machines running Windows 7 or even my old XP boxes running my CMM and CNC machines. Soon....
You can buy Office 2021 or 2019 for under $35
One time payment. Not much changes in Office. Why rent?
+1
With the 365 version, I think there are enticements in the corporate setting around “collaboration”, Microsoft Teams (chat/video conferencing), OneDrive (file sharing), and Copilot (ChatGPT AI).
See also “Microsoft Delve”, etc...