The Tycoon 2FA phishing kit, used in advanced phishing attacks, has been updated to evade traditional security measures and hinder analysis. This new version, first seen in November 2024, enables attackers to bypass multi-factor authentication (MFA). They do this by exploiting vulnerabilities in the 2FA process, particularly targeting Microsoft 365 sessions.
Key tactics of the Tycoon 2FA kit include:
- Using Legitimate Email Accounts: Phishing emails are sent from compromised, legitimate email addresses, increasing the chances of success.
- Obstructive Source Code: The phishing page’s source code is designed to obstruct automated security tools. It also makes the page harder to analyze.
- Keystroke Detection: The kit listens for keystrokes, blocking inspection tools and redirecting to unrelated websites if analysis is detected.
- Right-Click and Copy Restrictions: It disables right-clicking and prevents users from copying text. This makes it more difficult to examine the page for malicious content.
As phishing attacks become more sophisticated, organizations must adopt multi-layered defense strategies. They should continuously update their security measures to stay ahead of these evolving threats.
https://blog.barracuda.com/2025/01/22/threat-spotlight-tycoon-2fa-phishing-kit