Skip to main content
Customer Support Customer Support

Tycoon2FA phishing kit rolled out significant updates

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

April 14, 2025 By Pierluigi Paganini

 

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities.

Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities.

The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode in obfuscated JavaScript, and anti-debugging scripts to bypass detection and hinder analysis.

“Lately, the Tycoon 2FA landing pages have incorporated a clever obfuscation technique using invisible Unicode characters. This technique, when paired with JavaScript Proxy objects, is designed to complicate static analysis and defer script execution until runtime.” reported Trustwave. “This behavior is demonstrated in a real-world Tycoon 2FA phishing landing page, as shown in this Urlscan.io session: https://urlscan.io/result/0195c73f-bfd0-7000-8386-94b11ace6088/dom/

Tycoon2FA PhaaS
Source: Trustwave – Tycoon 2FA using invisible Unicode characters to encode JavaScript code. The obfuscation is actually quite simple but clever.

 

>>Full Article<<

    0 replies

    Be the first to reply!

    Reply


    Terms & Conditions