SlashNext has discovered a phishing kit that bypasses the two-factor authentication (2FA) of popular services like Google’s Gmail and Microsoft 365.
A newly discovered phishing kit, Astaroth, can bypass two-factor authentication (2FA) through session hijacking and real-time credential interception. Targeting popular services such as Gmail, Yahoo, AOL, and Microsoft 365, the phishing tool has been actively marketed on cybercrime forums since January.
Astaroth operates as a man-in-the-middle attack using a reverse proxy. This technique allows it to intercept login credentials, session cookies, and authentication tokens in real time, effectively rendering 2FA protections useless.
When victims click on a phishing link, they are redirected to a malicious server that mirrors the legitimate login page. With valid SSL certificates in place, users see no security warnings, making the attack difficult to detect. Once victims enter their usernames and passwords, Astaroth captures the data before forwarding the request to the actual authentication service.
To fully bypass 2FA, the phishing kit automatically intercepts one-time passcodes generated via SMS, authentication apps, or push notifications. Cybercriminals receive real-time alerts via a web panel interface and Telegram notifications, enabling them to seize control of compromised accounts before victims realize they’ve been targeted. Additionally, Astaroth captures session cookies, allowing attackers to inject them into their browsers and impersonate victims without needing further authentication.
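The reason a relay of this kind defeats one-time codes but not security keys is that a code carries no information about the page it was typed into, whereas a FIDO2/WebAuthn assertion is signed over the origin the browser observed. The following Python simulation is an added illustration, not SlashNext's analysis or any kit's code: the origins, secrets, challenge and the "authenticator signature" (an HMAC stand-in for the public-key signature a real authenticator produces) are all constructed. It shows a relayed TOTP code being accepted, a genuine assertion being accepted, an assertion produced on a look-alike origin being rejected, and an assertion whose origin field was edited in transit being rejected because the signature no longer matches.

```python
"""
Why a reverse-proxy relay passes OTP-based 2FA but fails against
origin-bound credentials. Added example; all values are constructed.
"""
import hashlib
import hmac
import json
import struct
import time

LEGIT_ORIGIN = "https://login.example.com"   # constructed: the real service
PROXY_ORIGIN = "https://login-example.com"   # constructed: a look-alike relay host

# --- Path 1: password + one-time code -------------------------------------

TOTP_SECRET = b"constructed-shared-secret"   # constructed authenticator-app secret

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the construction authenticator apps use."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def server_checks_otp(submitted_code: str, now: int) -> bool:
    """The service only sees digits; it cannot tell which page the user typed
    them into, so a code relayed by a proxy is indistinguishable from a real one."""
    return hmac.compare_digest(submitted_code, totp(TOTP_SECRET, now))

# --- Path 2: origin-bound assertion (modelled on WebAuthn clientDataJSON) ---

AUTHENTICATOR_KEY = b"constructed-authenticator-key"  # stand-in for the private key

def _serialize(data: dict) -> bytes:
    return json.dumps(data, separators=(",", ":"), sort_keys=True).encode()

def browser_makes_assertion(page_origin: str, challenge: str) -> dict:
    """The browser, not the user or the page script, fills in the origin of the
    page that invoked the API; the authenticator then signs over its hash."""
    client_data = _serialize(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin})
    cd_hash = hashlib.sha256(client_data).digest()
    sig = hmac.new(AUTHENTICATOR_KEY, cd_hash, hashlib.sha256).hexdigest()
    return {"clientDataJSON": client_data, "signature": sig}

def server_verifies_assertion(assertion: dict, expected_challenge: str) -> bool:
    """Relying-party check: the signature must cover clientDataJSON exactly as
    received, and that JSON must name the relying party's own origin."""
    cd = assertion["clientDataJSON"]
    expected_sig = hmac.new(AUTHENTICATOR_KEY, hashlib.sha256(cd).digest(),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False
    data = json.loads(cd)
    return (data.get("type") == "webauthn.get"
            and hmac.compare_digest(data.get("challenge", ""), expected_challenge)
            and data.get("origin") == LEGIT_ORIGIN)

def relay_edits_origin(assertion: dict) -> dict:
    """A relay would have to rewrite the origin field to pass the check above;
    the signature then no longer matches the JSON, so the relying party rejects it."""
    data = json.loads(assertion["clientDataJSON"])
    data["origin"] = LEGIT_ORIGIN
    return {"clientDataJSON": _serialize(data), "signature": assertion["signature"]}

def demo(now: int = None) -> dict:
    """Run the four scenarios and return the relying party's verdict for each."""
    now = int(time.time()) if now is None else now
    challenge = "constructed-challenge-123"
    return {
        "otp_relayed": server_checks_otp(totp(TOTP_SECRET, now), now),
        "assertion_real_origin": server_verifies_assertion(
            browser_makes_assertion(LEGIT_ORIGIN, challenge), challenge),
        "assertion_proxy_origin": server_verifies_assertion(
            browser_makes_assertion(PROXY_ORIGIN, challenge), challenge),
        "assertion_origin_edited": server_verifies_assertion(
            relay_edits_origin(browser_makes_assertion(PROXY_ORIGIN, challenge)), challenge),
    }

if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

The OTP path is accepted in every case because nothing in the code ties it to the page it was entered on, which is exactly the property the article describes the kit exploiting. The origin-bound path fails on the look-alike host with no special detection logic: the browser reports the origin it actually loaded, and the signature prevents anyone in the middle from changing it.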
According to Bank Info Security, J Stephen Kowski, field CTO at SlashNext, emphasized the urgency of enhancing security measures: "Security teams should use fast, real-time threat detection across web, email, and mobile channels while also teaching users to spot fake pages."
The SlashNext research team, which first uncovered Astaroth, recommends deploying AI-powered security tools to detect and block phishing attempts before they reach users.
A Man-in-the-Middle (MitM) attack is a cyberattack where an attacker secretly intercepts and possibly alters the communication between two parties without their knowledge. This allows the attacker to eavesdrop on sensitive data, manipulate messages, or steal personal information such as login credentials and financial details.
With the phishing kit readily available for $2,000 on underground marketplaces and sellers providing continuous updates, Astaroth represents a serious risk to individuals and organizations alike.
Users should be cautious of clicking on unknown links, enable phishing protection tools, use security keys where possible, and stay educated on the latest cyber threats.
Organizations can deploy AI-powered threat detection, enforce strong security policies, and educate employees on spotting phishing attempts.