Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

A new phishing kit is targeting Gmail and Microsoft email accounts — and it can even bypass 2FA

A padlock resting on a keyboard.

A brand new phishing kit is gaining popularity in the underground community, researchers have claimed.

Tycoon 2FA does a good job at evading security analysts, while allowing threat actors to bypass even two-factor authentication (2FA), according to cybersecurity experts at Sekoia, who recently detailed the newest iteration of the Phishing-as-a-Service (PhaaS) solution.

As per the report, Tycoon 2FA was first spotted in mid-2023, but with the start of 2024, it’s gotten a major upgrade, with the tool using roughly 1,100 domains, and is being used in “thousands” of phishing attacks. 

Bypassing 2FA

To put things into perspective, the Bitcoin wallet linked to the operation has seen more than 500 transactions since August last year, when the PhaaS first launched. These transactions were around $120, the entry price for a 10-day phishing link.

By March this year, the operators raked in almost $400,000 worth of cryptos.

As for the upgrades, there are two crucial ones, Sekoia reports. The first one makes the tool harder to spot and analyze. With changes to the JavaScript and HTML code, changes in the order of resource retrieval, and better filtering, dissecting the service was a much bigger challenge. What’s more, all the Tor traffic and IP addresses are better identified, and bad traffic gets rejected depending on specific user-agent strings. 

The second one is the ability to bypass two-factor authentication. By using a reverse proxy server to host the phishing page, the attackers are able to intercept victim input, stealing session cookies and 2FA codes.

"Once the user completes the MFA challenge, and the authentication is successful, the server in the middle captures session cookies," Skoia said in its report. 

Multi-factor authentication has always been considered a great defense mechanism, but lately, threat actors have been getting better at working around it.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.