Tycoon 2FA: Phishing Platform Back Online

Despite recent law enforcement actions, the Tycoon 2FA phishing platform is active again with an upgraded infrastructure. This Phishing-as-a-Service (PhaaS) platform allows attackers to bypass two-factor authentication (2FA) by stealing session cookies. The new version employs sophisticated traffic-cloaking methods and rotates malicious domains faster to evade security filters. Users are advised to be extremely cautious with email links and, where possible, use hardware security keys instead of SMS codes for authentication. Source: MKD CIRT https://mkd-cirt.mk/tycoon2fa-fising-platformata-povtorno-aktivna-po-neodamnesnata-policiska-akcija/; Bleeping Computer – Tycoon2FA phishing platform returns after recent police disruption

Europol-led Operation Downs Tycoon 2FA

In a major international law enforcement operation led by Europol, the infrastructure of Tycoon 2FA was dismantled. This platform was linked to over 64,000 phishing attacks worldwide. The action resulted in server seizures and the arrest of key individuals involved in maintaining this criminal service. While this is a significant blow to the cybercrime ecosystem, experts warn that such platforms often reappear quickly under different names. Source: MKD CIRT https://mkd-cirt.mk/operacija-predvodena-od-europol-go-urna-tycoon-2fa-phishing-as-a-service-povrzan-so-64-000-napadi/; The Hacker News – Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Fake Cryptocurrency Scam Abusing Gemini Brand

Criminals are exploiting the popularity of Gemini AI to promote a fake cryptocurrency. The scam spreads via social media and fraudulent ads claiming Google is launching its own token. Victims are directed to professional-looking websites to invest funds that subsequently disappear. It is important to remember that tech giants rarely launch cryptocurrencies this way; always verify through official channels. Source: https://mkd-cirt.mk/izmama-ja-zloupotrebuva-gemini-za-da-gi-ubedi-lugjeto-da-kupat-lazna-kriptovaluta/; DarkReading – Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto

Fake SMS Traffic Fine Scams

A campaign involving fake SMS notifications for alleged unpaid traffic fines is active in the region. The messages contain links leading to fraudulent websites mimicking official government portals. The goal is to steal citizens’ credit card data. Authorities remind the public that traffic fines are not delivered via SMS with payment links. Source: MKD CIRT https://mkd-cirt.mk/%e2%9a%a0%ef%b8%8f-predupreduvane-lazni-sms-imessage-poraki-za-soobrakajni-kazni/

Fake Windows Activation (MAS) Domain Spreads Malware

The popular Microsoft Activation Scripts (MAS) tool has been impersonated by a fake domain appearing high in search results. Users attempting to download the script instead receive PowerShell malware that steals data and allows remote control. This is a classic example of “SEO poisoning,” where attackers manipulate search engines to lead victims to malicious sites. Source: https://mkd-cirt.mk/lazen-domen-za-aktivacija-na-windows-mas-koristen-za-sirene-powershell-maliciozen-softver/; Bleeping Computer – Fake MAS Windows activation domain used to spread PowerShell malware

CISA: Spyware Attacks Targeting High-Value Signal/WhatsApp Users

CISA has warned of active spyware campaigns targeting specific Signal and WhatsApp users, including politicians and activists. Attackers use sophisticated social engineering to convince victims to install “security certificates” that are actually surveillance tools. CISA recommends using protective modes and regularly restarting devices to disrupt potential infections. Source: https://mkd-cirt.mk/cisa-predupreduva-za-aktivni-kampani-na-spionski-softver-koi-gi-targetiraat-korisnicite-na-signal-i-whatsapp-so-visok-vrednost/; The Hacker News – CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users; SecurityWeek

ClickFix: Fake Windows Update Screen

A new attack type called ClickFix tricks users by displaying a fake screen that looks like a legitimate Windows Update. Instead of updating the system, the page instructs the user to press a specific key combination or copy a code into the PowerShell console. By doing so, the user unknowingly infects their own system. Windows never requires users to manually execute code from websites for updates. Source: https://mkd-cirt.mk/clickfix-napad-koristi-lazen-ekran-za-windows-update-za-sirene-maliciozen-softver/; Bleeping Computer – ClickFix attack uses fake Windows Update screen to push malware
