Whisper 2FA
Whisper 2FA is a phishing kit / phishing-as-a-service offering identified by Barracuda as an aggressive newer entrant in the 2025 PhaaS ecosystem and as one of the kits benefiting from the disruption of Tycoon 2FA. It is described as a lightweight kit built for fast deployment and MFA bypass, using AJAX-based exfiltration rather than complex reverse proxies. Reported MFA bypass support includes push notifications, SMS, voice calls, and app-based codes. Barracuda also noted strong anti-analysis obfuscation. The content places Whisper 2FA alongside other phishing kits such as Tycoon 2FA, Mamba 2FA, EvilProxy, Sneaky 2FA, Cephas, and GhostFrame, but does not attribute it to a specific nation state or operator. Known alias in the provided content: whisper_2fa.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A newer phishing platform described as an aggressive newcomer that expanded activity after Tycoon 2FA's disruption.
Whisper 2FA is a phishing kit focused on rapid deployment and multi-factor authentication bypass, using lightweight exfiltration and strong obfuscation.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.