37 matches found
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz , a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
Attackers have a new trick to steal your username and password: fake browser pop-ups that look exactly like real sign-in windows. These “Browser-in-the-Browser” attacks can fool almost anyone, but a password manager and a few simple habits can keep you safe. Phishing attacks continue to evolve, a...
The Democratization of Phishing: Popularity of PhaaS platforms on the rise
The Democratization of Phishing: Popularity of PhaaS Platforms on the Rise By Ryan Slaney · June 30, 2025 The phishing industry is being profoundly reshaped by the surge of Phishing-as-a-Service PhaaS platforms. These accessible, often Artificial Intelligence AI-powered, offerings are democratizi...
State-of-the-art phishing: MFA bypass
Cybercriminals are bypassing multi-factor authentication MFA using adversary-in-the-middle AiTM attacks via reverse proxies, intercepting credentials and authentication cookies. The developers behind Phishing-as-a-Service PhaaS kits like Tycoon 2FA and Evilproxy have added features to make them...
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hostin...
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service PhaaS platform that leverages the Domain Name System DNS mail exchange MX records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishi...
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle AitM phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication 2FA codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French...
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
An interruption to the phishing-as-a-service PhaaS toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the Rockstar2FA group running the service experienced at least a partial collapse of its infrastructure, with page...
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service PhaaS toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM adversary-in-the-middle attack, allowing attackers to intercept user...
Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
More than 140,000 phishing websites have been found linked to a phishing-as-a-service PhaaS platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin pan...
This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service MaaS offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023,...
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster aka Broomstick and CleanUpLoader. That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payload...
Tale of Greatness: Journey Through Dark Roads
Tale of Greatness: Journey Through Dark Roads By Daksh Kapur, Vihar Shah, Pooja Khyadgi · May 22, 2024 Cybercriminals have a new weapon in their arsenal: Greatness, a PaaS tool specifically designed to steal your Microsoft 365 login credentials. First detected in mid-2022, it allows attackers to...
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...
A week in security (April 15 – April 21)
Last week on Malwarebytes Labs: Law enforcement reels in phishing-as-a-service whopper Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million Cannabis investment scam JuicyFields ends in 9 arrests Should you share your location with your partner? Giant Tiger...
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service PhaaS providers, LabHo...
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will...
Scanning Danger: Unmasking the Threats of Quishing
Scanning Danger: Unmasking the Threats of Quishing By Shyava Tripathi and Rohan Shah · December 7, 2023 This blog was also written by Raghav Kapoor Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft o...
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service PhaaS operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police AFP and the U.S. Federal Bureau of Investigation...