Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Threat actors use Tycoon 2FA kits to steal your data via fake login pages
The new PAAS platform targets Microsoft 365 and Gmail accounts
2 min. read
Published onMarch 26, 2024
published onMarch 26, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Hackers use the phishing-as-a-service (PAAS) platform known as Tycoon 2FA to target Microsoft 365 and Gmail accounts. Their method bypassestwo-factor authentication(2FA) systems. Also, the PAAS tool is similar to other Adversary-in-The-Middle (AiTM) phishing platforms such as Dadsec OTT. Thus, cyber security specialists believe that cybercriminals reuse the code.
The Tycoon 2FA quickly became one of the most widespread AiTM phishing kits. As a result, more than a thousand domains are using it. Unfortunately, cybercriminals worked fast and updated their tool to a new version that enhances its obfuscation and anti-detection capabilities. Also, they added a feature that changes network traffic patterns.
How do the Tycoon 2FA attacks work?
Threat actors who use Tycoon 2FA send fake emails with embedded URLs or QR codes. By accessing them, you will get to a security challenge. After completion, they will extract your email address from the URL. Then, you will be redirected to a fake login page. Once you log in, you will encounter a fake two-factor authentication. From there, the hackers will get access to bypass security measures and steal your data. In the end, you will get to the official Microsoft site.
Unfortunately, the alleged developer of the Tycoon 2FA kit sells ready-to-use Microsoft 365 and Gmail phishing pages starting at $120 for ten days. However, the payment is subject to change based on the top-level domain. Also, according toSekoia’s analysis, more than 530 crypto transactions covered over $120. On top of that, morethreat actorsare using the tool due to its low price.
Last but not least, hackers are using a newer version of Tycoon 2FA to trick you into stealing your login information. Then, they gain access to use it at will or to sell it. The tool is cheap, and many wrongdoers are using it. On top of that, the alleged developer sells phishing pages with different top-level domains. The whole stealing process starts with afake email. Thus, always verify the source and never open or download files from unknown people. In addition, for your safety, check the URL of the web pages you visit, especially if you are in a hurry.
What are your thoughts? Do you ever check the source of your emails? Let us know in the comments.
More about the topics:Cybersecurity,Phishing,security threats
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming.
