"Phishing Kit Targets Gmail and Microsoft Email Accounts, Bypasses 2FA"
Originally Published 1 year ago — by TechRadar
A new phishing kit called Tycoon 2FA is being used in "thousands" of attacks, with the ability to bypass two-factor authentication (2FA) and evade security analysts. The kit has seen significant upgrades, making it harder to detect and analyze, and allowing attackers to intercept victim input, steal session cookies, and 2FA codes. Despite the effectiveness of multi-factor authentication (MFA), threat actors are finding ways to work around it, posing a significant challenge to email and account security.