The article details the shift in the Phishing-as-a-Service (PhaaS) landscape following the takedown of the Tycoon 2FA platform, with threat actors migrating to similar kits like Mamba 2FA, Sneaky 2FA, and EvilProxy. These kits, which integrate Tycoon's tools, leverage inherent redundancy and persistent access to resist takedowns, leading to an overall increase in phishing intrusions. The report emphasizes that security defenses must adapt to target the broader underground PhaaS economy rather than individual platforms.
Phishing , Threat Intelligence Tycoon 2FA relinquishes crown to similar PhaaS platforms April 20, 2026 Share By SC Staff Last month's takedown of over 300 active domains used by the Tycoon 2FA phishing-as-a-service platform , which was once the most prolific PhaaS kit, has prompted threat actors to transfer to the Mamba 2FA, Sneaky 2FA, and EvilProxy platforms that have since integrated Tycoon 2FA's tools, according to SecurityWeek . Intrusions harnessing the four phishing kits have increased from nearly 20 million to more than 23 million despite the dismantling of Tycoon 2FA, with Mamba and EvilProxy accounting for most of the attacks, findings from a Barracuda Networks report revealed. Aside from being akin to open-source software that allows code reuse, alterations, and redeployment, PhaaS kits also feature inherent redundancy and persistent access that make them more resistant to detection and disruption. "This does not mean the takedown operation failed. Rather, it shows what happens when disruption hits a maturing underground economy, and why security defenses need to look more broadly than individual players," said Barracuda. SC Staff Related Phishing Apple account notifications abused for iPhone purchase phishing scams SC Staff April 20, 2026 The phishing campaign involves creating an Apple ID and strategically placing scam text within the first and last name fields. AI/ML Google uses Gemini AI to combat malicious ads SC Staff April 17, 2026 In 2025, Google blocked or removed 8.3 billion ads and suspended 24.9 million advertiser accounts, including 602 million ads associated with scams. Phishing ATHR platform automates voice phishing attacks with AI SC Staff April 17, 2026 ATHR, advertised for $4,000 plus a 10% commission, streamlines the entire telephone-oriented attack delivery (TOAD) process, according to Abnormal researchers. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Brute Force Deauthentication Attack Defacement Disruption Distributed Scans Dumpster Diving Google Hacking Hybrid Attack Password Cracking You can skip this ad in 5 seconds