There are many types of malware that can compromise your system, stealing passwords, information, or controlling your computer. In this article, we report on a new threat that is capable of evading Microsoft multi-factor authentication. This is a major issue as it is a key security barrier to protecting your account.
This is Mamba 2FA. It is a Phishing platform as a service, also known as PhaaS. Its goal is to attack Microsoft 365 accounts through pages created to log in. Sure, they are fake websites, designed to look like Microsoft, but what they are really looking for is to steal the password that the user enters.
Mamba 2FA, a new problem for Microsoft
But what exactly does Mamba 2FA do? What it offers to clients who use this service, since it is a Phaas, as we have mentioned, is to capture multi-factor authentication tokens. To do this, they use what is known as AiTM, a technique that can be translated into Spanish as Adversary in the middle. Basically, it intercepts those tokens.
This malicious tool is for sale for a monthly subscription. The price is $250 per month (at the current exchange rate, about €227). With this, the cybercriminal will be able to use this service to launch attacks against many possible victims. Basically, a flat rate that allows you to earn a profit.
It is not a new threat, since it was detected for the first time a few months ago, but it is very present now and targets Microsoft 365 accounts. They distribute it through different channels, such as Telegram, and the links usually have a very short useful life and they rotate.
Among other things, Mamba 2FA has introduced proxy servers to mask the IP addresses of the servers. In this way, they make it more difficult to block those URLs and could have a greater chance of success.
How to avoid being a victim
So what can you do to avoid falling victim to this problem? Even if attackers perfect their techniques, they will always need you to fall into their trap. They need you to click on a fraudulent link, enter your password and, ultimately, make a mistake that compromises your account.
These fake links can reach you through a variety of means, such as email, social networks, SMS or simply by browsing the web and entering a page. Therefore, being attentive to all types of links that may reach you is essential to protect yourself from this threat and many other similar ones.
Likewise, it is always good to use strong passwords that are difficult to guess. That is what will protect, initially, your accounts. Additionally, enabling two-step authentication creates that extra barrier of protection. You can even generate secure keys, which will help you avoid making mistakes.
In short, be careful with this new threat that puts Microsoft accounts at risk. It is essential not to make mistakes, as they could enter without you realizing it. Protect your devices well, create strong passwords and always use multi-factor authentication.
