Mirage2FA phishing kit uses HTML smuggling to target Microsoft 365 users

Fortra identified Mirage2FA, a phishing kit that uses HTML smuggling and obfuscated JavaScript to mimic Microsoft 365 sign-in pages and steal credentials during MFA prompts in an email campaign tied to cheacker[.]store.