Security News > 2024 > March > New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
2024-03-25 16:56

Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection.

Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays them to the legitimate service.

Stage 0 - Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.

Stage 2 - Background scripts extract the victim's email from the URL to customize the phishing attack.

Stage 6 - Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack's success.

Regarding the scale of operations, Sekoia reports that it's substantial, as there's evidence of a broad user base of cybercriminals currently utilizing Tycoon 2FA for phishing operations.


News URL

https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 681 811 4541 4194 3708 13254