1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A new phishing kit is targeting Gmail and Microsoft email account

    From TechnologyDaily@1337:1/100 to All on Tue Mar 26 17:30:05 2024
    A new phishing kit is targeting Gmail and Microsoft email accounts and it
    can even bypass 2FA

    Date:
    Tue, 26 Mar 2024 17:20:12 +0000

    Description:
    Two-factor authentication isn't what it used to be as hackers find new ways
    to work around to attack Gmail and Microsoft email accounts.

    FULL STORY ======================================================================

    A brand new phishing kit is gaining popularity in the underground community, researchers have claimed.

    Tycoon 2FA does a good job at evading security analysts, while allowing
    threat actors to bypass even two-factor authentication (2FA), according to cybersecurity experts at Sekoia, who recently detailed the newest iteration
    of the Phishing-as-a-Service (PhaaS) solution.

    As per the report, Tycoon 2FA was first spotted in mid-2023, but with the start of 2024, its gotten a major upgrade, with the tool using roughly 1,100 domains, and is being used in thousands of phishing attacks. Bypassing 2FA

    To put things into perspective, the Bitcoin wallet linked to the operation
    has seen more than 500 transactions since August last year, when the PhaaS first launched. These transactions were around $120, the entry price for a 10-day phishing link.

    By March this year, the operators raked in almost $400,000 worth of cryptos.

    As for the upgrades, there are two crucial ones, Sekoia reports. The first
    one makes the tool harder to spot and analyze. With changes to the JavaScript and HTML code, changes in the order of resource retrieval, and better filtering, dissecting the service was a much bigger challenge. Whats more,
    all the Tor traffic and IP addresses are better identified, and bad traffic gets rejected depending on specific user-agent strings.

    The second one is the ability to bypass two-factor authentication . By using
    a reverse proxy server to host the phishing page, the attackers are able to intercept victim input, stealing session cookies and 2FA codes.

    "Once the user completes the MFA challenge, and the authentication is successful, the server in the middle captures session cookies," Skoia said in its report.

    Multi-factor authentication has always been considered a great defense mechanism, but lately, threat actors have been getting better at working around it.

    Via BleepingComputer More from TechRadar Pro Comcast Xfinity accounts are being attacked in 2FA bypass attacks Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-new-phishing-kit-is-targeting-gmail-a nd-microsoft-email-accounts-and-it-can-even-bypass-2fa


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)