Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Bitpanda impersonation phishing campaign using fake MFA flow

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

A phishing campaign impersonating Bitpanda is stealing credentials and personal data from cryptocurrency brokerage users, raising account-takeover risk. The operation uses a near-perfect fake login flow, including staged MFA screens and a fraudulent site created days before analysis. Victims are prompted to submit names, phone numbers, addresses, and dates of birth, expanding the attack beyond simple password theft. The collected data could support password resets, fraudulent support requests, and access to other accounts that rely on personal verification.

Related Happenings

Infostealer malware operation targeting online store users

Malware Activity
First: 21.05.2026 00:36 Last: 21.05.2026 00:36 Sources 1

About this happening: A **malware operation** using **infostealer** tools infected users’ devices between **2024 and 2025**, stealing browser sessions and account credentials that enabled account theft...

Open Happening

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...

Open Happening

Scattered Spider SMS phishing and SIM-swap crypto theft campaign

Campaign
First: 20.04.2026 16:33 Last: 20.04.2026 16:33 Sources 1

About this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...

Open Happening

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Open Happening

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

Open Happening

Timeline

  1. 24.02.2026 18:05 2 articles · 3mo ago

    Bitpanda impersonation phishing campaign is disclosed

    Initial Disclosure

    Cybersecurity researchers disclosed a phishing campaign impersonating cryptocurrency brokerage Bitpanda that used a near-perfect fake login page and a staged MFA flow to collect credentials and personal data. The lure began with a branded email, sent victims to a deceptive domain created days before analysis, and then redirected users back to the legitimate Bitpanda login page after harvesting names, telephone numbers, residential addresses, and dates of birth.

    Show sources
    Open in new tab