Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. Tycoon2FA was discovered in October 2023 by Sekoia researchers, who later reported significant updates on the phishing kit that increased its sophistication and effectiveness. Trustwave now reports that the Tycoon 2FA threat actors have added several improvements that bolster the kit's ability to bypass detection and endpoint security protections. The first highlighted change is the use of invisible Unicode characters to hide binary data within JavaScript, as first reported by Juniper Threat Labs in February. This tactic allows the payload to be decoded and executed as normal at runtime while evading manual (human) and static pattern-matching analysis. Using Unicode to hide malicious code snippets Source: Trustwave The second development is the switch from Cloudflare Turnstile ... Read full article.