Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit with two-factor authentication evasion capabilities, according to BleepingComputer.
Tycoon 2FA attacks begin with the delivery of emails containing malicious links. Bot filtering then limits visits to the phishing site, the victim's email address is extracted, and further redirections lead to a fraudulent Microsoft login page and a 2FA challenge, which capture credentials and 2FA tokens, respectively, before the victim is redirected to a seemingly legitimate web page, a report from Sekoia revealed. Further examination of the phishing kit revealed significant improvements since its discovery in October, including more robust filtering, updated HTML and JavaScript code, and improved labeling of data center-linked Tor network traffic or IP addresses in a bid to bolster stealth. The cryptocurrency wallet leveraged in Tycoon 2FA attacks has already received more than $394,000 worth of cryptocurrency, researchers added.