A new phishing-as-a-service platform called VoidProxy targets Microsoft 365 and Google accounts using sophisticated adversary-in-the-middle tactics. It employs Cloudflare-protected malicious sites and intercepts credentials, MFA codes, and session cookies to facilitate account compromise. #VoidProxy #AitM #Okta #Microsoft365 #Google
Keypoints
- VoidProxy is a scalable and evasive phishing platform targeting cloud service accounts.
- The attack chain begins with emails from compromised accounts with shortened links redirecting to malicious sites.
- Malicious sites use Cloudflare protections like CAPTCHA and Workers to hide their true origin and enhance legitimacy.
- Victims are directed to pages that impersonate Microsoft or Google login pages and capture credentials and MFA codes.
- Okta's threat team notes that phishing-resistant authentication methods can prevent successful attacks.