Posted 3/26/2024, 11:44:25 AM
New Phishing Kit Bypasses 2FA on Gmail and Microsoft Accounts
- New version of Tycoon 2FA phishing kit targets Gmail and Microsoft 365 accounts with improved obfuscation to avoid detection
- Kit allows cybercriminals to bypass 2FA protections on accounts by intercepting authentication tokens
- Phishing pages and kit being sold on cybercrime forums, with Gmail phishing pages starting at $120
- Attacks typically start with phishing email containing malicious links, ask victim to enter credentials, then bypass 2FA
- Security experts say these kits undermine 2FA by tricking users into entering valid credentials into phishing pages