Despite recent law enforcement actions, the Tycoon 2FA phishing platform is active again with an upgraded infrastructure. This Phishing-as-a-Service (PhaaS) allows attackers to bypass two-factor authentication (2FA) by stealing session cookies. The new version employs sophisticated traffic-cloaking methods and rotates malicious domains faster to evade security filters. Users are advised to be extremely cautious with email links and, where possible, use hardware security keys instead of SMS codes for authentication.
Source: MKD CIRT https://mkd-cirt.mk/tycoon2fa-fising-platformata-povtorno-aktivna-po-neodamnesnata-policiska-akcija/
Bleeping Computer – Tycoon2FA phishing platform returns after recent police disruption Bleeping Computer
