All news with #phaas tag

Sneaky 2FA Kit Adds BitB Pop-ups That Mimic Address Bar

🔒 Push Security says the Sneaky 2FA Phishing-as-a-Service kit now leverages Browser-in-the-Browser (BitB) pop-ups to impersonate Microsoft login pages and conceal malicious URLs. Victims first pass a Cloudflare Turnstile bot check before a fake "Sign in with Microsoft" flow is loaded in an embedded BitB window that exfiltrates credentials and session data. The campaign pairs conditional loading, developer‑tool blocking, obfuscation, and rapid domain rotation; organizations should tighten conditional access and users should avoid unknown links and browser extensions.

Google Sues China-Based Operators of PhaaS 'Lighthouse'

⚖️ Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York against China-based operators of the PhaaS kit Lighthouse, which Google says has ensnared over one million users across 120 countries. The platform is accused of powering industrial-scale SMS phishing and smishing campaigns that impersonate trusted brands like E-ZPass and USPS to steal financial data. Google alleges the actors illegally used its trademarks on at least 107 spoofed sign-in templates and seeks to dismantle the infrastructure under the RICO, Lanham Act, and the Computer Fraud and Abuse Act. Security firms link Lighthouse to a broader PhaaS ecosystem including Darcula and Lucid, and to a smishing syndicate tracked as Smishing Triad.

Global Smishing Campaign Targets Toll, Delivery, Services

🚨 Unit 42 attributes a widespread smishing campaign to the Smishing Triad that uses urgent SMS messages and realistic phishing pages to impersonate toll, delivery and other critical services. Since April 2024 the operation has registered and churned over 194,000 malicious domains and 136,900 root domains, leveraging a Hong Kong registrar while primarily hosting on U.S. cloud infrastructure. The campaign appears powered by a large phishing-as-a-service ecosystem and seeks PII, credentials and payment data. Advanced URL Filtering and Advanced DNS Security provide protections; contact Unit 42 Incident Response for urgent help.

Salty2FA Phishing Framework Evades MFA Using Turnstile

🔒 A newly identified phishing-as-a-service called Salty2FA is being used in campaigns that bypass multi-factor authentication by intercepting verification flows and abusing trusted services like Cloudflare Turnstile. Ontinue researchers report the kit uses subdomain rotation, domain-pairing, geo-blocking and dynamic corporate branding to make credential pages appear legitimate. The framework simulates SMS, authenticator apps, push approvals and even hardware-token prompts, routing victims through Turnstile gates to filter automated analysis before harvesting credentials.