All news with #mfa bypass tag

Hybrid 2FA Phishing Kits Evade Kit-Specific Detection

🔐 Researchers at Any.Run report a hybrid 2FA-phishing strain that fuses elements of Salty2FA and Tycoon2FA, producing payloads that evade detection rules tuned to either kit alone. The samples begin with Salty-style obfuscation and trampoline JavaScript, then shift into Tycoon’s DGA domains and AiTM execution chain. Analysts warn defenders to focus on behavioral patterns and fallback routines rather than static indicators of compromise.