2fa

TLDR: Sekoia.io identified a new phishing kit named “Sneaky 2FA,” part of a phishing-as-a-service operation targeting Microsoft 365 accounts. Discovered in December 2024, it utilizes advanced techniques, including autograb for email input and anti-bot measures. The service is marketed via a Telegram bot and relies on compromised domains. It captures session cookies post-authentication, making it a significant threat. Detection measures focus on identifying inconsistent user-agent strings indicative of phishing attempts.

https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/