SpiderLabs warns users to stay vigilant as these attacks aim to bypass Multi-Factor Authentication (MFA) and harvest sensitive credentials. By exploiting trusted platforms like Pinterest and bypassing MFA protections, attackers are making it harder for traditional defenses to keep up.

Fake Timesheet Notification: According to SpiderLabs’ post on X, the attack begins with an email titled “Timesheet Report,” claiming new information has been added to the recipient’s timesheet. The email includes a “View Timesheet” button, which redirects the user to a Pinterest Visual Bookmark link.

Pinterest Visual Bookmark: The link leads to a page hosted on Pinterest, displaying a Microsoft logo and a “Visit” button.

Cloudflare CAPTCHA Challenge: Clicking “Visit” redirects users to a page with a Cloudflare CAPTCHA challenge.

Fake Microsoft Login Page: After completing the CAPTCHA, users are taken to a fake Microsoft login page.

Session Cookie Harvesting: Tycoon 2FA intercepts session cookies from Microsoft 365 or Gmail accounts, allowing attackers to bypass MFA even if it’s enabled. First identified in August 2023, it has evolved significantly to bypass MFA protections, making it one of the most advanced phishing kits in circulation.

Obfuscated Code: The phishing pages use heavily obfuscated JavaScript and HTML code, making it difficult for security tools and analysts to detect malicious intent.

Traffic Filtering: The phishing kit employs advanced traffic filtering techniques, such as blocking datacenter IPs, Tor traffic, and specific bot user agents.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Feb 2025 06:40:06 +0000