Security News > 2024 > March > New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection.
Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays them to the legitimate service.
Stage 0 - Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
Stage 2 - Background scripts extract the victim's email from the URL to customize the phishing attack.
Stage 6 - Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack's success.
Regarding the scale of operations, Sekoia reports that it's substantial, as there's evidence of a broad user base of cybercriminals currently utilizing Tycoon 2FA for phishing operations.
News URL
Related news
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- Attackers phish OAuth codes, take over Microsoft 365 accounts (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)