Apr 17, 2026 • Nate Nelson
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Executive Summary
Threat actors operating the Tycoon 2FA phishing toolkit have adopted device code phishing to bypass multi-factor authentication. This technique exploits legitimate OAuth device authorization flows, tricking victims into unknowingly granting attackers access to their accounts. The approach is particularly effective because it leverages genuine authentication mechanisms, making traditional 2FA protections ineffective. Organizations should implement conditional access policies, monitor for anomalous authentication patterns, and train users to recognize phishing attempts targeting device code authorization requests.
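One way to act on the monitoring recommendation above, as an added example that is not part of the original article: a small triage pass over sign-in events that flags device-code grants worth a second look. The event field names, client IDs and sample records are constructed assumptions, as is the premise that the log records the country of the device redeeming the code; only the grant-type URN comes from RFC 8628.

```python
# Grant type defined for the OAuth device authorization flow in RFC 8628.
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def flag_device_code_signins(events, sanctioned_clients, known_device_users):
    """Return (user, client_id, reasons) for each suspicious device-code grant.

    events: time-ordered dicts with hypothetical keys
            user, grant_type, client_id, country.
    """
    last_other_country = {}  # user -> country of last non-device-code sign-in
    findings = []
    for ev in events:
        if ev["grant_type"] != DEVICE_GRANT:
            last_other_country[ev["user"]] = ev["country"]
            continue
        reasons = []
        if ev["client_id"] not in sanctioned_clients:
            reasons.append("client not sanctioned for device flow")
        if ev["user"] not in known_device_users:
            reasons.append("user has no history of device-code sign-ins")
        seen = last_other_country.get(ev["user"])
        if seen is not None and seen != ev["country"]:
            reasons.append(
                f"code redeemed from {ev['country']}, user last seen in {seen}"
            )
        if reasons:
            findings.append((ev["user"], ev["client_id"], reasons))
    return findings


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"user": "alice", "grant_type": "authorization_code",
     "client_id": "mail-web", "country": "US"},
    {"user": "kiosk-svc", "grant_type": DEVICE_GRANT,
     "client_id": "tv-signage", "country": "US"},
    {"user": "alice", "grant_type": DEVICE_GRANT,
     "client_id": "cli-tool", "country": "NL"},
]

if __name__ == "__main__":
    for user, client, reasons in flag_device_code_signins(
        SAMPLE_EVENTS,
        sanctioned_clients={"tv-signage"},
        known_device_users={"kiosk-svc"},
    ):
        print(user, client, "; ".join(reasons))
```

The sanctioned kiosk sign-in passes untouched, while the device-code grant for a user who normally signs in interactively is flagged on all three signals.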
Summary
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
Linked Entities
- Tycoon 2FA