Tycoon 2FA’s coordinated takedown knocked out 330 domains and sharply reduced its monthly attack volume, but the phishing ecosystem quickly adapted and dispersed. Competitors like Mamba 2FA, EvilProxy, and Sneaky 2FA have absorbed activity and attackers are increasingly adopting device code phishing techniques. #Tycoon2FA #Mamba2FA #EvilProxy #Sneaky2FA #DeviceCodePhishing
Keypoints
- Law enforcement seized 330 Tycoon 2FA domains, dropping its output from over 9 million to just over 2 million attacks per month.
- Phishers migrated to rival PhaaS providers, driving rapid growth at Mamba 2FA, EvilProxy, and Sneaky 2FA.
- Attackers are reusing Tycoon tools, code, and artifacts, increasing sophistication across competing phishing kits.
- Device code phishing has surged recently, with many kits incorporating OAuth and new-device login flow abuse.
- The trend reflects an evolution beyond password theft and MFA skimming toward advanced account takeover techniques.
Read More: https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing