
Tycoon2FA Phishing Kit Targets Microsoft 365 Accounts via Device-Code Phishing
Security
The Tycoon2FA phishing kit has been updated to conduct device-code phishing attacks, targeting Microsoft 365 accounts by abusing Trustifi’s click-tracking URLs. This technique allows threat actors to bypass multi-factor authentication (MFA) protections and gain unauthorized access to victim accounts. The attack leverages Microsoft’s device code authentication flow, which is designed for devices with limited input capabilities but can be exploited if users approve malicious requests. No specific dates, CVE IDs, or victim counts were disclosed in the report. The primary impact includes account takeover and potential data exfiltration or further compromise of enterprise environments.