Whisper 2FA Behind One Million Phishing Attempts Since July

What makes Whisper 2FA stand out is its use of AJAX, a web technology that allows real-time communication between browser and server without page reloads. This enables the phishing kit to repeatedly capture credentials and multi-factor authentication (MFA) codes until it obtains a valid token.

Current versions remove readable text, add dense Base64 and XOR encoding layers, and include multiple anti-debugging features that disable shortcuts like Ctrl+Shift+I or right-click functions.

Once active, the kit can validate stolen login codes instantly through the attackers’ command-and-control (C2) systems, turning the process into a live relay between victim and attacker.

Barracuda researchers describe Whisper 2FA as a sign of how PhaaS operations have matured. The kit combines simplicity for attackers with complex evasion for defenders. By removing the need for reverse proxies and using lightweight AJAX requests, Whisper 2FA becomes harder to detect and easier to deploy.
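The traits described above (blocked right-click and developer-tools shortcuts, dense Base64 and XOR layers, background AJAX calls) can be checked statically in a fetched page's source. The following triage sketch is an added example, not code from Barracuda or the original article; the regular expressions, the 0.5 encoded-ratio threshold and both sample pages are constructed assumptions.

```javascript
// Added example: static triage of fetched page source (HTML + inline JS).
// Patterns and thresholds are illustrative assumptions, not published signatures.
const INDICATORS = {
  blocksContextMenu:
    /(?:['"]contextmenu['"]|oncontextmenu\s*=)[\s\S]{0,200}?(?:preventDefault\(\)|return\s+false)/i,
  blocksDevtoolsKeys:
    /keydown[\s\S]{0,300}?ctrlKey[\s\S]{0,100}?shiftKey[\s\S]{0,200}?preventDefault\(\)/i,
  xorDecodeLoop: /charCodeAt\([^)]*\)\s*\^/,
  base64Decode: /\batob\s*\(/,
  ajaxCall: /XMLHttpRequest|\$\.ajax\s*\(|\bfetch\s*\(/,
};

// Fraction of the source occupied by long Base64-looking runs.
function encodedRatio(source, minRun = 120) {
  const runs = source.match(new RegExp(`[A-Za-z0-9+/]{${minRun},}={0,2}`, "g")) || [];
  const encoded = runs.reduce((n, r) => n + r.length, 0);
  return source.length ? encoded / source.length : 0;
}

function triage(source) {
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(source));
  const ratio = encodedRatio(source);
  const antiDebug = hits.includes("blocksContextMenu") || hits.includes("blocksDevtoolsKeys");
  const obfuscated = ratio > 0.5 && hits.includes("base64Decode");
  // Escalate only when anti-analysis, heavy encoding and background requests co-occur.
  const suspicious = antiDebug && obfuscated && hits.includes("ajaxCall");
  return { hits, encodedRatio: Number(ratio.toFixed(2)), suspicious };
}

// Constructed sample inputs (not taken from any real kit).
const blob = "QUJD".repeat(200); // 800 characters of Base64 filler
const SAMPLE_SUSPECT = `<script>
document.addEventListener('contextmenu', e => e.preventDefault());
document.addEventListener('keydown', e => { if (e.ctrlKey && e.shiftKey && e.key === 'I') e.preventDefault(); });
var d = atob("${blob}"), o = '';
for (var i = 0; i < d.length; i++) o += String.fromCharCode(d.charCodeAt(i) ^ 0x5a);
var x = new XMLHttpRequest();
</script>`;
const SAMPLE_BENIGN = `<html><body><form action="/login" method="post">
<input name="user"><input type="password" name="pw"></form>
<script>fetch('/api/session').then(r => r.json());</script></body></html>`;

console.log(triage(SAMPLE_SUSPECT), triage(SAMPLE_BENIGN));
```

Any single indicator is common on legitimate sites, which is why the verdict requires anti-debugging, heavy encoding and AJAX use together; treat a hit as a reason to detonate the page in a sandbox, not as a final classification.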

To read the complete article, see: Infosecurity Magazine

This post is licensed under CC BY 4.0 by the author.