The Tycoon 2FA phishing-as-a-service platform is now using OAuth device code phishing to compromise devices that are protected by multifactor authentication, according to eSentire’s Threat Response Unit (TRU). Tycoon 2FA is one of the most active phishing kits and has resumed normal operations following a law enforcement takedown earlier this year.