VERY IMPORTANT

Trustwave SpiderLabs has been monitoring the rise of Phishing-as-a-Service (PaaS) platforms, focusing on a kit named 'Rockstar 2FA' linked to widespread adversary-in-the-middle (AiTM) phishing attacks. The campaign, targeting Microsoft user accounts, employs car-themed web pages and has seen a significant increase since August 2024. Rockstar 2FA, an updated version of the DadSec/Phoenix kit, operates under a PaaS model and offers features like 2FA bypass, cookie harvesting, and antibot protection. The attacks use various email delivery mechanisms and themes to bypass traditional filters, affecting users across multiple sectors and regions.