Google, Microsoft account takeover made easy via VoidProxy

Multiple cybercriminal groups are using a phishing service called VoidProxy to hijack Microsoft and Google accounts by stealing credentials and session tokens in real time. Experts warn that this ongoing campaign affects various industries globally and recommend robust authentication measures like passkeys to prevent such attacks. #VoidProxy #AiTM

Key points

  • VoidProxy is a phishing-as-a-service platform used by multiple threat actors to target Microsoft and Google accounts.
  • Attackers rely on compromised emails and shortlink redirects to lure victims to fake sign-in pages hosted on low-cost domains.
  • The phishing sites use Adversary-in-the-Middle (AiTM) proxies to intercept login credentials and session cookies.
  • Stolen data, including MFA responses and session cookies, are sold on the dark web and used for account takeovers.
  • Industry experts advise implementing passkeys and adhering to secure identity standards to defend against these threats.

Read More: https://www.theregister.com/2025/09/11/voidproxy_phishing_service/