Summary: Cybersecurity researchers have uncovered a new phishing kit named “Astaroth” that bypasses two-factor authentication (2FA) by using a reverse proxy to intercept and steal login credentials, 2FA tokens, and session cookies from victims. It targets a variety of online accounts, including major platforms like Gmail and Microsoft 365, posing a significant threat to user security. Although 2FA remains a critical security measure, the kit demonstrates that it can be circumvented, and that users need to exercise caution when interacting with links from unknown sources.
Affected: Online account users (Gmail, Yahoo, AOL, Microsoft 365, and others)
Key points:
- The Astaroth phishing kit captures login credentials as well as 2FA tokens and session cookies, effectively bypassing 2FA protections.
- It employs an evilginx-style reverse proxy to act as a man-in-the-middle, intercepting traffic between victims and legitimate authentication services.
- Astaroth can be purchased for ,000, includes features for longevity such as bulletproof hosting, and allows for testing before acquisition.
Source: https://securityonline.info/astaroth-phishing-kit-bypasses-2fa-steals-accounts/
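
Because the kit's goal is a reusable session cookie, one server-side check is to flag a session that is later presented by a client other than the one that completed MFA. The following is an added example, not code from the source article or the researchers; the log format, event names (`login_mfa_ok`, `request`) and field names are assumptions, and the log lines are constructed.

```python
import json

# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_LOG = """
{"event": "login_mfa_ok", "user": "alice", "session": "s-1001", "ip": "198.51.100.7", "ua": "Chrome/132 Windows"}
{"event": "request", "user": "alice", "session": "s-1001", "ip": "198.51.100.7", "ua": "Chrome/132 Windows"}
{"event": "request", "user": "alice", "session": "s-1001", "ip": "203.0.113.50", "ua": "python-requests/2.32"}
{"event": "request", "user": "alice", "session": "s-1001", "ip": "203.0.113.50", "ua": "python-requests/2.32"}
{"event": "login_mfa_ok", "user": "bob", "session": "s-2002", "ip": "192.0.2.10", "ua": "Firefox/134 Linux"}
{"event": "request", "user": "bob", "session": "s-2002", "ip": "192.0.2.44", "ua": "Firefox/134 Linux"}
{"event": "login_mfa_ok", "user": "carol", "session": "s-3003", "ip": "192.0.2.99", "ua": "Safari/18 macOS"}
{"event": "request", "user": "carol", "session": "s-3003", "ip": "192.0.2.99", "ua": "Safari/18 macOS"}
"""

def find_session_reuse(log_text):
    """Flag sessions presented by a client other than the one that completed MFA."""
    issued = {}    # session id -> (ip, ua) recorded when MFA succeeded
    seen = set()   # (session id, ip, ua) already reported, to avoid duplicates
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sid, client = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "login_mfa_ok":
            issued[sid] = client
            continue
        origin = issued.get(sid)
        if origin is None or client == origin or (sid, *client) in seen:
            continue
        seen.add((sid, *client))
        ip_changed = client[0] != origin[0]
        ua_changed = client[1] != origin[1]
        # IP and user agent both changing mid-session is the stronger replay
        # signal; a single changed attribute also occurs on ordinary roaming.
        severity = "high" if ip_changed and ua_changed else "low"
        alerts.append({"user": ev["user"], "session": sid, "severity": severity,
                       "login_ip": origin[0], "seen_ip": client[0]})
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

With a reverse proxy in the path, the address recorded at login belongs to the proxy rather than the victim, so the signal is the cookie appearing from a second client, not the login address itself.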