New Tycoon 2FA Phishing Kit Attacking Microsoft 365 & Gmail Users

26 March 2024

Hackers use 2FA (Two-Factor Authentication) phishing kits to overcome the additional security layer provided by 2FA. These kits typically mimic legitimate login pages and prompt users to enter their credentials along with the one-time passcodes generated by their authenticator apps or sent via SMS. Through proactive threat hunting, Sekoia analysts uncovered a new and widespread Adversary-in-The-Middle (AiTM) phishing kit called Tycoon 2FA in October 2023. This Phishing-as-a-Service (PhaaS) platform has been actively used by multiple threat actors since at least August 2023 to conduct effective phishing attacks. Continuous monitoring revealed Tycoon 2FA as one of the most prevalent AiTM kits, with over 1,100 associated domains identified between late October 2023 and late February 2024.

Source: GBHackers

Date:

26 March 2024

Categorie(s):

NEWS

Tag(s):

IT, New, News, Phishing Kit

Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024
Multilogin Antidetect Browser Review 20244 May 2024
Navigating the API Security Landscape: A CEO’s Perspective on Embedding Zero Trust Principles4 May 2024
Lightsail VPN Review: Is Lightsail VPN Safe? [+Best Alternatives]4 May 2024
How To Secure Your Business In The Times Of All-pervasive Hackers4 May 2024