Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections


A new phishing kit, ominously named “Sneaky 2FA,” has emerged, targeting Microsoft 365 users by bypassing two-factor authentication (2FA) protections. This advanced threat leverages an Adversary-in-the-Middle (AiTM) technique to intercept login credentials and 2FA codes, enabling attackers to gain unauthorized access to accounts.

Operated as a Phishing-as-a-Service (PhaaS) under the alias “Sneaky Log,” the kit enables attackers to launch sophisticated phishing campaigns. Its real-time interception of session cookies allows attackers to gain immediate access to user accounts after 2FA credentials are entered. It uses URLs prefilled with victims’ email addresses to enhance credibility, directing users to fake Microsoft login pages that mirror the real interface. Once credentials and 2FA codes are entered, the attackers use them in real time to access the legitimate accounts before the codes expire.

The sophistication of Sneaky 2FA lies in its use of advanced tools like Cloudflare Turnstile, which differentiates between bots and human users, complicating detection and analysis. Additionally, it intercepts session cookies in real time, enabling seamless access to accounts as though the attackers themselves had authenticated directly. The phishing pages are often hosted on compromised WordPress sites, adding another layer of complexity. Researchers also found code links to W3LL Panel OV6, a known AiTM phishing tool, further demonstrating its advanced capabilities.
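The prefilled-address trait described above gives mail filtering something concrete to check. The following is an added example, not code from the kit or from the Sekoia report: it flags links on non-Microsoft hosts that carry the recipient's own address. The trusted-suffix list, the encodings checked (plain, percent-encoded, base64) and all sample values are assumptions.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Assumption: suffixes treated as genuine Microsoft sign-in hosts; adjust per tenant.
TRUSTED = ("microsoftonline.com", "microsoft.com", "office.com", "live.com")
B64_RUN = re.compile(r"[A-Za-z0-9+_-]{8,}")  # "/" omitted: it separates path segments

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED)

def b64_decodings(text):
    """Yield lower-cased decodings of every base64-looking run in text."""
    for run in B64_RUN.findall(text):
        run = run.replace("+", "-") + "=" * (-len(run) % 4)
        try:
            yield base64.urlsafe_b64decode(run).decode("utf-8", "ignore").lower()
        except ValueError:  # binascii.Error subclasses ValueError
            continue

def prefilled_lure(url, recipient):
    """Return how the recipient address is embedded in an untrusted URL, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or is_trusted(parts.hostname):
        return None
    recipient = recipient.lower()
    tail = " ".join((parts.path, parts.query, parts.fragment))
    if recipient in tail.lower():
        return "plain"
    decoded = unquote(tail)
    if recipient in decoded.lower():
        return "percent-encoded"
    if any(recipient in d for d in b64_decodings(decoded)):
        return "base64"
    return None

# Constructed sample links for a constructed recipient (not taken from the report).
RCPT = "alice@contoso.example"
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize?login_hint=" + RCPT,
    "https://blog.example/wp-content/verify/?e=alice%40contoso.example",
    "https://shop.example/wp-includes/doc/#" + base64.urlsafe_b64encode(RCPT.encode()).decode(),
]
if __name__ == "__main__":
    print([prefilled_lure(u, RCPT) for u in SAMPLES])
```

A hit is a triage signal rather than a verdict, since legitimate services such as unsubscribe links also embed the recipient's address.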

Since its discovery in October 2024, Sneaky 2FA has highlighted the limitations of traditional 2FA. While 2FA is an essential security measure, this attack shows how cybercriminals can exploit its real-time nature. For a detailed analysis and recommended mitigation strategies, refer to the original report: Sneaky 2FA – SEKOIA.IO.

For users, vigilance is key. Avoiding suspicious links in unsolicited emails, verifying the authenticity of login requests, and enabling additional security measures where available should all be encouraged. But as cybercriminals continue to evolve their tactics, Sneaky 2FA serves as a stark reminder that even the most trusted security measures must adapt to the changing threat landscape.
