From Ideem — device-bound passkeys and A2A payment authentication for banks, fintechs, and payment platforms.
Most banks have implemented MFA. Most banks are still losing money to phishing. The two facts coexist because the MFA most banks implemented — SMS OTP, TOTP, push notification — was designed for a previous generation of attack. The current generation of phishing kit doesn't try to defeat MFA. It lets MFA happen, and steals the session cookie that gets created on the other side.
That's the adversary-in-the-middle model. The kits that have made it commodity — EvilProxy and Tycoon 2FA being the most prominent in 2026 — turn a phishing campaign into a transparent reverse proxy that captures everything the user types, every challenge the bank issues, and every authentication step the user completes. The fraudster sits in the middle of a real session and walks away with the cookie that legitimizes it.
This is what the actual fraud landscape looks like in 2026. And it's the reason "we have MFA" no longer means what it used to.
The mechanics are simpler than the marketing copy of any vendor would suggest. An AiTM phishing kit is a reverse proxy. The attacker registers a domain that looks like the bank's — usually with a homograph, a typosquat, or a creative subdomain — and points it at the kit's server. When a victim clicks a phishing link, the kit fetches the real bank's login page in real time and returns it, modified just enough to log everything the user types.
When the user enters their password, the kit forwards it to the real bank, which issues an MFA challenge. The kit forwards the challenge back to the user. The user completes MFA — by typing an OTP, by approving a push notification, by tapping a biometric prompt. The real bank issues a session cookie. The kit captures the cookie. Within seconds, the attacker can replay the cookie on their own device and operate as the user.
This is not a future threat. It's the baseline for organized financial services phishing in 2026.
The kits driving AiTM have professionalized in ways that look more like SaaS than malware. EvilProxy appeared in late 2022 and built a reputation for working out-of-the-box against major IdPs — Microsoft 365, Google Workspace, Okta. By 2024 it was being used in active campaigns against U.S. and EU financial services. By 2026 it ships as a polished phishing-as-a-service offering with web-based administration panels, configurable templates for hundreds of relying parties, and ongoing operational support for buyers.
Tycoon 2FA followed a similar arc. It emerged in August 2023, expanded aggressively through 2024 and 2025, and grew significant enough that in March 2026 Microsoft's Digital Crimes Unit and Cloudflare coordinated a takedown operation against its infrastructure. The takedown disrupted the associated Cloudflare Workers projects, seized associated domains, and was paired with civil legal process aimed at the kit's commercial layer. Public reporting puts kit access pricing in the range of $120 for ten days and up to $350 for monthly access, depending on configuration.
The takedown is good news. It is not the end of the story. By April 2026, researchers observed Tycoon 2FA operators shifting hosting toward Alibaba Cloud and continuing to operate, and the underlying phishing-as-a-service economy is competitive enough that disrupted operators are quickly replaced by similar offerings. What this means for banks is that the technical barrier to launching a sophisticated AiTM campaign remains close to zero. The fraudster doesn't need to write the kit, doesn't need to maintain it, doesn't need to be deeply technical. They subscribe.
The reason SMS OTP, TOTP, and push notification fail against AiTM is straightforward: none of them are bound to the origin the user is interacting with. The OTP works whether the user typed it into the real bank or into a phishing proxy. The push notification approves an authentication regardless of which session it's tied to. The MFA factor is a string of digits or a button tap that exists in isolation from the website the user thinks they're using.
Passkeys are different. The WebAuthn protocol binds every authentication to the origin — the domain name — the user is interacting with. A passkey issued for bank.com will not sign a challenge from bonk.com, even if the user wants it to. The cryptography refuses. This is verifier impersonation resistance, in NIST 800-63-4 language, and it's the property that breaks the AiTM model.
When the user types into the AiTM proxy and the kit forwards the password, the bank's server still issues a passkey challenge. The challenge is bound to bank.com. The user's authenticator sees that the origin doesn't match — it can't be tricked into signing for a different domain — and refuses to authenticate. The flow stops. The phishing campaign fails.
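The refusal described above is enforced by the browser before the authenticator is ever asked to sign: a passkey is scoped to a relying party ID, and the browser only lets it be used when that rpId equals the page's origin host or is a registrable suffix of it. The following Go program is an added illustration of that scoping rule and is not code from Ideem or from any browser; it uses a tiny constructed stand-in for the Public Suffix List, and the lookalike hostnames in it are constructed examples.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// publicSuffixes is a tiny constructed stand-in for the Public Suffix List a
// real browser consults; an rpId that is itself a public suffix is never valid.
var publicSuffixes = map[string]bool{"com": true, "net": true, "org": true, "co.uk": true, "example": true}

// rpIDAllowedForOrigin models the scoping rule the browser applies before an
// authenticator may use a passkey: the origin must be a secure context, and
// the relying party ID must equal the origin's host or be a registrable
// suffix of it. A proxy on any other domain therefore never obtains a signature.
func rpIDAllowedForOrigin(origin, rpID string) error {
	u, err := url.Parse(origin)
	if err != nil {
		return fmt.Errorf("unparseable origin %q: %w", origin, err)
	}
	host := strings.ToLower(u.Hostname())
	rpID = strings.ToLower(strings.TrimSpace(rpID))

	// Passkeys require a secure context: https, or plain http only on localhost.
	isLocal := host == "localhost" || strings.HasSuffix(host, ".localhost")
	if u.Scheme != "https" && !(u.Scheme == "http" && isLocal) {
		return fmt.Errorf("origin %q is not a secure context", origin)
	}
	if rpID == "" || publicSuffixes[rpID] {
		return fmt.Errorf("rpId %q is not a registrable domain", rpID)
	}
	// Exact match, or the origin host is a subdomain of the rpId.
	if host == rpID || strings.HasSuffix(host, "."+rpID) {
		return nil
	}
	return fmt.Errorf("rpId %q is not a registrable suffix of origin host %q", rpID, host)
}

func main() {
	cases := []struct{ origin, rpID string }{
		{"https://bank.com", "bank.com"},                    // the real site
		{"https://login.bank.com", "bank.com"},              // a subdomain of the rpId
		{"https://bank.com.evil-proxy.example", "bank.com"}, // rpId appears as a prefix, not a suffix (constructed)
		{"https://bonk.com", "bank.com"},                    // lookalike domain from the article
		{"http://bank.com", "bank.com"},                     // not a secure context
		{"https://login.bank.com", "com"},                   // public suffix as rpId
	}
	for _, c := range cases {
		if err := rpIDAllowedForOrigin(c.origin, c.rpID); err != nil {
			fmt.Printf("REFUSE %-40s rpId=%-9s %v\n", c.origin, c.rpID, err)
		} else {
			fmt.Printf("ALLOW  %-40s rpId=%s\n", c.origin, c.rpID)
		}
	}
}
```

The third case is the one that matters for AiTM: a proxy host that merely contains the bank's name is not a subdomain of it, so the suffix test fails and no signature is produced, whatever the page looks like to the user.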
The institutions that have rolled out passkeys at scale are reporting dramatic reductions in successful AiTM campaigns. Customers who enroll a passkey see phishing attempts fall to the floor — not because phishing emails stop arriving, but because they stop converting. The fraudsters notice. Campaigns rotate to customers who have not enrolled, or to channels — the call center, the in-branch experience — where authentication is weaker.
This is the part banks need to plan for. AiTM doesn't disappear when passkeys arrive. It migrates. The most-targeted customer becomes the one who hasn't yet enrolled. The most-targeted channel becomes the one where passkeys aren't yet required. A passkey rollout that leaves SMS OTP as a fallback "for convenience" gives the AiTM operator a clean detour. A rollout that retires SMS OTP across all sensitive flows closes the door.
Ideem's Passkeys+ is built to break the AiTM model and harden the controls AiTM kits have learned to work around. The platform enforces origin binding by default (no relying party misconfiguration allowed), binds device assurance to high-value transactions so that a stolen session can't authorize a transfer, and supports transaction binding — where each high-value action is signed by a fresh passkey signature rather than relying on session-level trust.
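Transaction binding, as described in the paragraph above, means the relying party derives the WebAuthn challenge from the transaction itself and verifies a fresh assertion over it, so a stolen session cookie cannot authorise a transfer and a captured signature cannot be reused for a different one. The Go program below is an added example of that relying-party check and is not Ideem's code or Passkeys+; the `Transfer` type, account numbers and nonce are constructed, and `simulateAuthenticator` stands in for the customer's device and deliberately does not apply the browser's rpId scoping rule, so the last scenario shows the server's own origin check as a second line of defence.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Transfer is the high-value action being authorised (constructed sample type).
type Transfer struct {
	From        string `json:"from"`
	To          string `json:"to"`
	AmountCents int64  `json:"amount_cents"`
	Currency    string `json:"currency"`
	Nonce       string `json:"nonce"` // server-generated, single use
}

// transactionChallenge derives the WebAuthn challenge from the transaction
// itself, so the fresh passkey signature covers this exact transfer.
func transactionChallenge(t Transfer) []byte {
	raw, _ := json.Marshal(t) // field order is fixed by the struct, so this serialisation is canonical
	sum := sha256.Sum256(raw)
	return sum[:]
}

// clientData is the subset of clientDataJSON fields the check below needs.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// signedDigest reproduces what the authenticator signs: authenticatorData || SHA-256(clientDataJSON).
func signedDigest(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	d := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return d[:]
}

// verifyTransactionAssertion is the relying-party check: type, origin, transaction-derived
// challenge, rpIdHash, user-presence flag and signature must all hold.
func verifyTransactionAssertion(pub *ecdsa.PublicKey, rpID, expectedOrigin string, t Transfer,
	authData, clientDataJSON, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("unexpected clientData type " + cd.Type)
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin mismatch: assertion was produced for %s", cd.Origin)
	}
	if cd.Challenge != base64.RawURLEncoding.EncodeToString(transactionChallenge(t)) {
		return errors.New("challenge does not match the transfer being authorised")
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if len(authData) < 37 || !bytes.Equal(authData[:32], rpHash[:]) {
		return errors.New("rpIdHash mismatch")
	}
	if authData[32]&0x01 == 0 {
		return errors.New("user presence flag not set")
	}
	if !ecdsa.VerifyASN1(pub, signedDigest(authData, clientDataJSON), sig) {
		return errors.New("signature does not verify under the enrolled passkey")
	}
	return nil
}

// simulateAuthenticator stands in for the customer's device (constructed): it builds
// clientDataJSON and authenticatorData for the origin it is actually on, then signs.
func simulateAuthenticator(priv *ecdsa.PrivateKey, rpID, origin string, challenge []byte) (authData, clientDataJSON, sig []byte, err error) {
	cd := clientData{Type: "webauthn.get", Challenge: base64.RawURLEncoding.EncodeToString(challenge), Origin: origin}
	clientDataJSON, _ = json.Marshal(cd)
	rpHash := sha256.Sum256([]byte(rpID))
	authData = append(rpHash[:], 0x05, 0, 0, 0, 1) // flags UP|UV, signCount = 1
	sig, err = ecdsa.SignASN1(rand.Reader, priv, signedDigest(authData, clientDataJSON))
	return
}

// runTransferScenario enrols a fresh passkey, has the simulated device sign the transfer
// from the given origin, optionally lets an attacker alter the amount after signing,
// and returns the relying party's verdict (nil means the transfer is authorised).
func runTransferScenario(origin string, attackerEditsAmount bool) error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	t := Transfer{From: "GB00BANK00000001", To: "GB00BANK00000002", AmountCents: 125000, Currency: "GBP", Nonce: "n-7f3a"} // constructed
	authData, cdj, sig, err := simulateAuthenticator(priv, "bank.com", origin, transactionChallenge(t))
	if err != nil {
		return err
	}
	if attackerEditsAmount {
		t.AmountCents = 9_999_900 // a hijacked session cannot change what was signed
	}
	return verifyTransactionAssertion(&priv.PublicKey, "bank.com", "https://bank.com", t, authData, cdj, sig)
}

func main() {
	fmt.Println("genuine transfer:      ", runTransferScenario("https://bank.com", false))
	fmt.Println("amount altered:        ", runTransferScenario("https://bank.com", true))
	fmt.Println("signed on proxy domain:", runTransferScenario("https://bank.com.evil-proxy.example", false))
}
```

Only the first scenario returns nil. The nonce makes each challenge single use, so a captured assertion cannot be replayed for a second transfer even with identical details; in production the server must also track and expire issued nonces and check the assertion's signature counter, which this example omits.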
The honest answer about AiTM is that it's not going away. The March 2026 takedown bought defenders meaningful ground, but the kit ecosystem is competitive enough that operators will continue to add capabilities and successors will emerge. Banks that ship passkeys quickly, retire OTP fallbacks decisively, and adopt transaction-bound authentication will be the ones who turn 2026's phishing line on a chart into a downward slope. The rest will be reading their AiTM incident reports for a while.
Most orgs running OTP-based MFA have 3–4 exploitable gaps they don’t know about. Our Authentication Assessment takes 2 minutes and shows you exactly where you stand — plus a phased migration roadmap.