The Hacker News reports that Microsoft account credentials have been pilfered by the upgraded Sneaky 2FA phishing-as-a-service (PhaaS) kit through its newly embedded Browser-in-the-Browser (BiTB) functionality, which conceals phishing URLs via pop-up login forms.

Visiting the dubious "previewdoc[.]us" website triggered a Cloudflare Turnstile check that redirected to a subdomain with a "Sign in with Microsoft" button, which would load a fake Microsoft login form via BiTB to exfiltrate credentials and session details, according to Push Security researchers. Multiple conditional loading tactics have also been employed for exact targeting.

Researchers noted that these findings, which follow separate studies detailing the use of an illicit browser extension for bogus passkey registration and a downgrade attack that bypasses phishing-resistant authentication, emphasize persistent innovation in the PhaaS ecosystem, lowering the barrier to entry among cybercriminals.

"With identity-based attacks continuing to be the leading cause of breaches, attackers are incentivized to refine and enhance their phishing infrastructure," researchers added.




