Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials.

The attack begins with a PDF disguised as an official notice, warning the victim of a Company Device Policy Violation. Victims are tricked into clicking a fake company policy notice, leading them straight to a phishing site.

Once the victim clicks the link, they are first redirected to /.res444.php/, a PHP script that executes JavaScript. Security researchers have seen this tactic before: using PHP files with embedded JavaScript to execute redirections. The script first displays a Cloudflare “Verify You’re a Human” check: a common tactic used to bypass automated security scans and filter out bots. After passing this check, the victim is redirected to a fake Outlook login page designed to steal credentials.

Note: If the phishing attempt targets a Windows user, the fake Outlook page loads. If the victim is using Linux, a fake gym website appears instead. This subtle yet effective trick will help adversaries evade detection and improve their phishing success rate.

Cybercriminals like Tycoon are constantly refining their tactics, making phishing attacks more deceptive and harder to detect. Their latest approach shows how even a simple PDF can lead to compromised accounts, stolen data, and serious business disruptions. A single overlooked phishing attempt can lead to credential theft, ransomware infections, and unauthorized access to sensitive business data.
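The redirect hop and the OS-dependent landing page described above can be hunted for in web proxy logs, and the client OS tells a responder which page the user was most likely served. The following Python is an added example, not code from the article or the researchers; the log format, the sample lines, the .example hosts and the generalisation from /.res444.php/ to any dot-prefixed .php path segment are assumptions.

```python
import re
from urllib.parse import urlsplit

# Dot-prefixed path segment ending in .php, e.g. the article's "/.res444.php/".
# Generalising beyond that one path is an assumption of this example.
HIDDEN_PHP = re.compile(r"^\.[A-Za-z0-9_-]+\.php$", re.IGNORECASE)
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

# Constructed proxy log (time, client, method, URL, status, User-Agent).
# Hosts use the reserved .example TLD; none of this is a real indicator.
SAMPLE_LOG = """\
2025-03-12T09:14:02Z 10.0.4.17 GET https://hr-notice.example/.res444.php/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2025-03-12T09:15:40Z 10.0.4.52 GET https://hr-notice.example/.res444.php/ 200 "Mozilla/5.0 (X11; Linux x86_64)"
2025-03-12T09:16:11Z 10.0.4.23 GET https://intranet.example/index.php?p=.res444.php 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2025-03-12T09:17:05Z 10.0.4.31 GET https://cdn.example/.well-known/security.txt 200 "curl/8.5.0"
malformed line without the expected fields
"""


def branch_for(user_agent):
    """Map the client OS to the page the article says that OS is served."""
    if "Windows" in user_agent:
        return "fake Outlook login page"
    if "Linux" in user_agent and "Android" not in user_agent:
        return "fake gym website"
    return "unknown (article covers Windows and Linux only)"


def hunt(log_text):
    """Return one hit per request whose URL path has a hidden .php segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        when, client, _method, url, _status, ua = m.groups()
        # Only the path is inspected, so a query string that merely
        # mentions the name (third sample line) does not match.
        segments = [s for s in urlsplit(url).path.split("/") if HIDDEN_PHP.match(s)]
        if segments:
            hits.append({"time": when, "client": client, "url": url,
                         "segment": segments[0], "served": branch_for(ua)})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["segment"], "->", hit["served"])
```

Hits from Windows clients are the ones to prioritise for credential resets, since that is the branch the article says reaches the fake Outlook login.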
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Mar 2025 17:20:27 +0000