Summary: The new Astaroth phishing kit poses a significant threat by bypassing two-factor authentication (2FA) to steal credentials from Gmail, Yahoo, and Microsoft using advanced hacking techniques. Known for its real-time credential capture and session hijacking methods, Astaroth logs vital authentication data, making it particularly effective against users with 2FA enabled. The kit is marketed as a sophisticated tool on cybercrime forums, raising alarms from security experts about its potential impact on online security practices.
Affected: Gmail, Yahoo, Microsoft users
Keypoints :
- Utilizes a reverse proxy to intercept login credentials and 2FA tokens in real-time.
- Logs extensive authentication data, allowing for detailed tracking of phishing attempts.
- Sellers promote the kit with features that evade detection and offer support for continued updates.
Source: https://hackread.com/astaroth-phishing-kit-bypasses-2fa-hijack-gmail-microsoft/