Sneaky 2FA, believed to be sold via the phishing-as-a-service (PhaaS) business model, recently figured in an adversary-in-the-middle (AitM) attack targeting Microsoft 365 users. Marketed as Sneaky Log by a full-featured bot on Telegram, Sneaky 2FA reportedly used fake Microsoft authentication pages with automatically filled-in email address fields to add to its sense of authenticity.