- Experts warn that Tycoon2FA has gained new obfuscation and evasion improvements
- The platform is used to bypass MFA on Google and Microsoft accounts
- It is very popular among cybercriminals
Tycoon2FA, an infamous phishing-as-a-service (PhaaS) platform, has been improved significantly, making it even more difficult to detect and take down, experts have warned.
Cybersecurity researchers at Trustwave said they have seen three new updates to the PhaaS platform, which is best known for its ability to bypass multi-factor authentication (MFA) protection on Microsoft and Google accounts.
It works as an adversary-in-the-middle (AiTM) attack, intercepting login credentials and session cookies to gain unauthorized access to user accounts, including those secured with MFA. It has been updated numerous times in the past, with its operators focusing mainly on obfuscation and evasion.
Now, Trustwave says that Tycoon2FA uses invisible Unicode characters to hide binary data from the human eye, evading manual analysis and static pattern matching.
Second, it has switched from Cloudflare Turnstile to a self-hosted CAPTCHA rendered on an HTML canvas with randomized elements, reportedly to avoid fingerprinting and flagging by domain reputation systems.
Finally, it now includes anti-analysis JavaScript code that detects browser automation tools and blocks some analysis tools.
These changes are not revolutionary, or particularly new in the PhaaS ecosystem, Trustwave stresses. However, when combined, they make detection and analysis much more difficult.
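For the invisible-Unicode obfuscation described above, a defender can scan page source for long runs of characters that render as nothing. The following is an added example, not code from Trustwave or from the kit: the article does not name the characters used, so the `INVISIBLE` set, the `find_invisible_runs` function, the `min_run` threshold and the sample input are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed set for this example: code points that render as blank or nothing
# in most fonts. The article does not say which characters the kit uses.
INVISIBLE = frozenset(
    [0x00AD, 0x034F, 0x115F, 0x1160, 0x180E, 0x3164, 0xFEFF, 0xFFA0]
    + list(range(0x200B, 0x2010))   # zero-width space/joiners, LRM, RLM
    + list(range(0x2060, 0x2065))   # word joiner, invisible operators
)

@dataclass
class Run:
    offset: int        # index of the first invisible character
    length: int        # number of consecutive invisible characters
    alphabet: tuple    # distinct code points in the run, as "U+XXXX"
    two_symbol: bool   # exactly two distinct characters: consistent with bit encoding

def find_invisible_runs(text, min_run=16):
    """Return runs of at least min_run consecutive invisible characters.

    Short runs are ignored by default because single zero-width joiners,
    soft hyphens and byte-order marks occur in ordinary text.
    """
    runs, start = [], None
    for i, ch in enumerate(text + "\0"):      # sentinel flushes a trailing run
        if ord(ch) in INVISIBLE:
            if start is None:
                start = i
            continue
        if start is not None:
            if i - start >= min_run:
                chars = sorted(set(text[start:i]))
                names = tuple(f"U+{ord(c):04X}" for c in chars)
                runs.append(Run(start, i - start, names, len(chars) == 2))
            start = None
    return runs

# Constructed sample: benign soft hyphen and emoji joiner, then a string
# literal holding 64 invisible characters drawn from a two-character alphabet.
HIDDEN = "\u3164\uffa0\uffa0\u3164" * 16
SAMPLE = ('var label = "co\u00adoperate \U0001F468\u200D\U0001F469";\n'
          'var d = "' + HIDDEN + '";\n')

if __name__ == "__main__":
    for run in find_invisible_runs(SAMPLE):
        print(run)
```

A hit with `two_symbol` set is a triage signal for the file, not proof of a phishing kit; tune `min_run` against the legitimate content in your own environment.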
Tycoon2FA was first seen in mid-2023 and received a major update at the beginning of 2024, with the tool using approximately 1,100 domains and being used in "thousands" of phishing attacks.
The platform is sold on underground forums, with prices starting at $120 for 10 days of access, which puts it within reach of a wide range of cybercriminals.
Some researchers claim that the platform is very popular in the underground community. Apparently, between August 2023 (when it was first launched) and March 2024, the Bitcoin wallet linked to the operation took in more than $400,000 in cryptocurrency.
Via BleepingComputer