Security News > 2024 > March > New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection.
Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays them to the legitimate service.
Stage 0 - Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
Stage 2 - Background scripts extract the victim's email from the URL to customize the phishing attack.
Stage 6 - Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack's success.
Regarding the scale of operations, Sekoia reports that it's substantial, as there's evidence of a broad user base of cybercriminals currently utilizing Tycoon 2FA for phishing operations.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts (source)