Because authentication is bound to the origin (domain) and the cryptographic challenges cannot be replayed through a reverse proxy, these methods cannot be proxied, he added.
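The origin-binding check behind that point, as an added illustration that is not code from the article or from any vendor: the relying party's verification of the clientDataJSON that a browser signs into every WebAuthn assertion. The origins, the RP name and the function names are constructed for the example.

```python
import base64
import hashlib
import json
import secrets

# Constructed example of the relying-party (RP) side of a WebAuthn assertion.
# Origins are made up; the RP name and function names are hypothetical.
RP_ORIGIN = "https://login.example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def new_challenge() -> bytes:
    # The RP stores this per session and accepts it once, so a captured
    # assertion cannot be replayed later.
    return secrets.token_bytes(32)

def browser_client_data(page_origin: str, challenge: bytes) -> bytes:
    # The browser, not the page script, writes the origin field, so a site
    # relaying the real challenge from another domain cannot claim the RP's origin.
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": page_origin, "crossOrigin": False}).encode()

def client_data_hash(client_data_json: bytes) -> bytes:
    # The authenticator signs over this hash, so the origin cannot be rewritten
    # in transit without invalidating the signature.
    return hashlib.sha256(client_data_json).digest()

def verify_client_data(client_data_json: bytes, expected_challenge: bytes,
                       expected_origin: str = RP_ORIGIN) -> tuple[bool, str]:
    # Mirrors the type / challenge / origin checks of the WebAuthn
    # assertion verification procedure (signature check omitted here).
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if data.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (stale or replayed)"
    if data.get("origin") != expected_origin:
        return False, f"origin mismatch: signed for {data.get('origin')!r}"
    return True, "ok"

def demo() -> tuple[tuple[bool, str], tuple[bool, str]]:
    challenge = new_challenge()
    legit = browser_client_data(RP_ORIGIN, challenge)
    # Reverse-proxy case: the user's browser is on a lookalike domain (constructed)
    # that forwards the RP's real challenge; the browser still signs its own origin.
    relayed = browser_client_data("https://login.example-account.net", challenge)
    return verify_client_data(legit, challenge), verify_client_data(relayed, challenge)
```

The relayed assertion fails on the origin check even though the challenge is fresh, which is why a reverse proxy cannot complete the ceremony on the victim's behalf.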
How the service worked
Tycoon2FA phishing services were advertised and sold to cybercriminals on applications like Telegram and Signal, Microsoft said in a separate blog post. Prices varied, but phishing kits started at $120 for 10 days of access to an administrative panel, which served as a single dashboard for configuring, tracking, and refining campaigns.
For defenders who don’t know how comprehensive these criminal SaaS operations can be, here’s an outline of Tycoon2FA’s service: Campaign operators could configure a broad set of campaign parameters that control how phishing content is delivered and presented to targets. Key settings include lure template selection and branding customization, redirection routing, MFA interception behavior, CAPTCHA appearance and logic, attachment generation, and exfiltration configuration.
