Security News Threat actors use Tycoon 2FA kits to target MS 365 and Gmail accounts

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,526
Hackers use the phishing-as-a-service (PAAS) platform known as Tycoon 2FA to target Microsoft 365 and Gmail accounts. Their method bypasses two-factor authentication (2FA) systems. Also, the PAAS tool is similar to other Adversary-in-The-Middle (AiTM) phishing platforms such as Dadsec OTT. Thus, cyber security specialists believe that cybercriminals reuse the code.

The Tycoon 2FA quickly became one of the most widespread AiTM phishing kits. As a result, more than a thousand domains are using it. Unfortunately, cybercriminals worked fast and updated their tool to a new version that enhances its obfuscation and anti-detection capabilities. Also, they added a feature that changes network traffic patterns.

Threat actors who use Tycoon 2FA send fake emails with embedded URLs or QR codes. By accessing them, you will get to a security challenge. After completion, they will extract your email address from the URL. Then, you will be redirected to a fake login page. Once you log in, you will encounter a fake two-factor authentication. From there, the hackers will get access to bypass security measures and steal your data.
 

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,526
So even we exclude AV, DNS, anti-phishing protection, there is a simple password manager, which auto-fills data only on a proper domain. 🥱
It is a deflating story, I agree, it's not my intention to sadden or scare anyone with these posts, it's just the reality of our day. Like an old member here used to say 'Stay Frosty', which means, never let your guard down (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top