Security News Threat actors use Tycoon 2FA kits to target MS 365 and Gmail accounts

vtqhtr413

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,494
Content source
https://windowsreport.com/threat-actors-use-tycoon-2fa-kits-to-steal-your-data-via-fake-login-pages/
Hackers use the phishing-as-a-service (PAAS) platform known as Tycoon 2FA to target Microsoft 365 and Gmail accounts. Their method bypasses two-factor authentication (2FA) systems. Also, the PAAS tool is similar to other Adversary-in-The-Middle (AiTM) phishing platforms such as Dadsec OTT. Thus, cyber security specialists believe that cybercriminals reuse the code.

The Tycoon 2FA quickly became one of the most widespread AiTM phishing kits. As a result, more than a thousand domains are using it. Unfortunately, cybercriminals worked fast and updated their tool to a new version that enhances its obfuscation and anti-detection capabilities. Also, they added a feature that changes network traffic patterns.

Threat actors who use Tycoon 2FA send fake emails with embedded URLs or QR codes. By accessing them, you will get to a security challenge. After completion, they will extract your email address from the URL. Then, you will be redirected to a fake login page. Once you log in, you will encounter a fake two-factor authentication. From there, the hackers will get access to bypass security measures and steal your data.
Click to expand...
windowsreport.com

Threat actors use Tycoon 2FA kits to steal your data via fake login pages

Threat actors use a new Tycoon 2FA kit to bypass two-factor authentication services and steal your Microsoft 365 and Gmail login details.
windowsreport.com windowsreport.com
 
  • Like
  • +Reputation
Reactions: brambedkar59, TairikuOkami, oldschool and 1 other person
vtqhtr413

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,494
TairikuOkami said:
So even we exclude AV, DNS, anti-phishing protection, there is a simple password manager, which auto-fills data only on a proper domain. 🥱
Click to expand...
It is a deflating story, I agree, it's not my intention to sadden or scare anyone with these posts, it's just the reality of our day. Like an old member here used to say 'Stay Frosty', which means, never let your guard down (y)
 
  • Like
  • Applause
Reactions: TairikuOkami and Jonny Quest

Similar threads

Gandalf_The_Grey
    • Like
Security News New phishing attack steals your Instagram backup codes to bypass 2FA
Replies
0
Views
1,136
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
    • Like
Security News US Health Dept warns hospitals of hackers targeting IT help desks
Replies
1
Views
1,476
Security News
Practical Response
Practical Response
vtqhtr413
    • +Reputation
    • Like
Security News ScarCruft APT Group Gears Up to Target Cybersecurity Pros
Replies
0
Views
1,211
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top