
Microsoft 365 & Gmail accounts in danger from new phishing kit


Most people treat two-factor authentication as their last line of defense. That is not wrong, but there are ways attackers get past 2FA and steal personal data. One of them is a new Adversary-in-The-Middle (AiTM) phishing kit called Tycoon 2FA, which targets both Microsoft 365 and Gmail accounts.

The kit is sold through the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform and is used to go after Microsoft 365 and Gmail accounts. Combined with other lures, such as impersonating Apple's customer care number, kits like this make the phishing threat higher than ever.

What is the new Gmail threat, the Tycoon 2FA phishing kit?

Tycoon 2FA was first documented by the Sekoia Threat Detection & Research team. It is a Phishing-as-a-Service platform originally advertised through private Telegram channels, built around an Adversary-in-The-Middle phishing kit: a reverse proxy hosts the phishing page, relays whatever the victim types to the legitimate login service, and captures what the service sends back.

The attack works in a few steps, each of which the victim performs themselves. It usually begins with an email carrying a malicious QR code or link that leads to the phishing site. Scanning the code or clicking the link first lands the victim on a Cloudflare security check of the kind many websites use to filter out bots and unwanted traffic. Because these challenges are so common, most people think nothing of it, and the check also keeps automated security scanners from seeing the phishing page behind it.

Once the victim completes the challenge, they are redirected to a fake Microsoft login page that harvests their credentials. The kit then mimics the 2FA prompt the real account uses, such as an SMS OTP, a phone-call verification or an authenticator app push notification. Because the proxy forwards the password and the 2FA response to the real service in real time, the service completes the login and issues a session cookie, which the proxy captures. The attacker replays that cookie and is signed in without ever having to defeat Multifactor Authentication (MFA) directly.

Once the attackers have authenticated with the relayed credentials, the victim is redirected to a legitimate-looking error page that hides the fact that the phishing succeeded. Meanwhile the attackers hold a valid session and can use the account freely.

How to protect yourself against Tycoon 2FA?

These phishing pages are built to make victims believe they are typing their credentials into the legitimate site. A few habits still protect you. First, do not trust links or QR codes that arrive in unsolicited emails or messages; type the official address into your browser yourself instead.

Second, use a 2FA method that resists phishing, such as a hardware security key or a passkey (FIDO2/WebAuthn). These bind the login to the real site's address, so a credential presented on a look-alike domain is rejected and a relay proxy gains nothing. Biometrics only help when they unlock such a key; an SMS code or a push approval can be relayed just like a password. Lastly, keep up with the new phishing techniques attackers are using so you can better prepare yourself. The methods used to acquire user credentials are ever-evolving, and staying on your toes is crucial.
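To make the relay mechanism described above concrete, and to show why the origin-bound 2FA recommended here survives it, the following is an added simulation written for this article; it is not code from the original page, from Sekoia, or from the Tycoon 2FA kit. The identity provider, the proxy, the user "alice", the toy OTP and the toy authenticator are all constructed stand-ins: the OTP path relays because a one-time code carries no information about where it was typed, while the WebAuthn-style path fails because the signed client data names the phishing origin, which the legitimate service rejects.

```python
"""Simulation of an Adversary-in-The-Middle (AiTM) relay against OTP-based 2FA,
and of the same relay failing against an origin-bound FIDO2/WebAuthn credential.

Constructed example for illustration: the identity provider, proxy, origins,
user and secrets are all made up and model no real login endpoint or kit.
"""
import hashlib
import hmac
import secrets
import time

LEGIT_ORIGIN = "https://login.example.com"   # assumed legitimate IdP origin
PHISH_ORIGIN = "https://login-example.co"    # assumed look-alike phishing origin


def current_otp(secret, counter=None, step=30):
    """Toy time-based OTP: HMAC of the time step, truncated to 6 digits."""
    if counter is None:
        counter = int(time.time() // step)
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(digest[-4:], 'big') % 1_000_000:06d}"


def sign_assertion(key, challenge, origin):
    """Toy authenticator: signs the challenge together with the origin the browser
    reports. Real WebAuthn signs clientDataJSON, which carries the origin."""
    return hmac.new(key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Toy IdP: password + OTP, or a WebAuthn-style assertion; issues a session cookie."""

    def __init__(self, origin):
        self.origin = origin
        self.users, self.sessions, self.pending = {}, {}, {}

    def register(self, username, password, otp_secret, authn_key):
        self.users[username] = {"password": password, "otp_secret": otp_secret,
                                "authn_key": authn_key}

    def _issue_session(self, username):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = username
        return cookie

    def login_otp(self, username, password, otp):
        """Relayable path: nothing in the OTP says which site it was typed into."""
        user = self.users.get(username)
        if not user or user["password"] != password:
            return None
        now = int(time.time() // 30)
        # Accept current and previous step to tolerate clock skew (and boundary races).
        for counter in (now, now - 1):
            if hmac.compare_digest(current_otp(user["otp_secret"], counter), otp):
                return self._issue_session(username)
        return None

    def start_webauthn(self, username):
        self.pending[username] = secrets.token_hex(16)
        return self.pending[username]

    def finish_webauthn(self, username, client_origin, signature):
        """Origin-bound path: the relying party checks the signed origin is its own."""
        user = self.users.get(username)
        challenge = self.pending.pop(username, None)
        if not user or challenge is None or client_origin != self.origin:
            return None
        expected = sign_assertion(user["authn_key"], challenge, self.origin)
        if not hmac.compare_digest(expected, signature):
            return None
        return self._issue_session(username)

    def whoami(self, cookie):
        return self.sessions.get(cookie)


class AitmProxy:
    """Reverse proxy on the phishing domain: forwards what the victim submits to the
    real IdP and keeps any cookie the IdP issues."""

    def __init__(self, idp):
        self.idp, self.stolen_cookies = idp, []

    def relay_otp_login(self, username, password, otp):
        cookie = self.idp.login_otp(username, password, otp)
        if cookie:
            self.stolen_cookies.append(cookie)
        return cookie is not None  # victim is shown an error page either way

    def relay_webauthn(self, username, authenticator_key):
        challenge = self.idp.start_webauthn(username)
        # The victim's browser is on the phishing origin, so that is what the
        # authenticator signs; the proxy can forward the assertion but not rewrite it.
        sig = sign_assertion(authenticator_key, challenge, PHISH_ORIGIN)
        cookie = self.idp.finish_webauthn(username, PHISH_ORIGIN, sig)
        if cookie:
            self.stolen_cookies.append(cookie)
        return cookie is not None


def run_demo():
    """Returns (otp_relay_worked, webauthn_relay_worked, legit_webauthn_worked, hijacked)."""
    idp = IdentityProvider(LEGIT_ORIGIN)
    otp_secret, authn_key = b"victim-otp-seed", b"victim-passkey"   # constructed
    idp.register("alice", "hunter2", otp_secret, authn_key)
    proxy = AitmProxy(idp)
    otp_relayed = proxy.relay_otp_login("alice", "hunter2", current_otp(otp_secret))
    webauthn_relayed = proxy.relay_webauthn("alice", authn_key)
    # Same key used directly on the real origin still logs in fine.
    challenge = idp.start_webauthn("alice")
    legit = idp.finish_webauthn("alice", LEGIT_ORIGIN,
                                sign_assertion(authn_key, challenge, LEGIT_ORIGIN))
    hijacked = [idp.whoami(c) for c in proxy.stolen_cookies]
    return otp_relayed, webauthn_relayed, legit is not None, hijacked


if __name__ == "__main__":
    print(run_demo())
```

Running it shows the OTP login relayed through the proxy succeeding and the proxy holding a cookie for "alice", while the same proxy relaying a security-key assertion is refused because the origin baked into the signed data is the phishing domain, not the identity provider's.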
