Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

2026-06-26 11:06

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on a suspicious HTML and JavaScript attachment delivered by email, supporting DNS data, and the second-stage phishing page. Researchers said the campaign relied on business-themed lures, including secure documents, remittance services, automated billing, and payment requests. Opening the … More →

The post Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials appeared first on Help Net Security.

This article has been indexed from Help Net Security

Read the original article:

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

← Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff

Mystery hackers use novel SharkLoader dropper against governments, software devs →

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Read the original article:

Like this:

Related

Read the original article:

Share this:

Like this:

Related

Post navigation