Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.”