CyberSecurity news
Daniel Kelley@SlashNext - 17d
A new phishing kit named Astaroth has emerged as a significant threat, targeting Microsoft, Gmail, Yahoo, AOL, Office 365, and other third-party login services. It uses an evilginx-style reverse proxy to perform man-in-the-middle attacks, enabling it to bypass two-factor authentication (2FA). Discovered on cybercrime marketplaces, Astaroth differs from traditional phishing tools in that it uses session hijacking and real-time credential interception to dynamically retrieve authorization tokens, 2FA tokens, and session cookies.
Astaroth operates by redirecting victims to malicious servers that mimic legitimate login pages, complete with SSL certificates to avoid raising security warnings. The kit intercepts traffic in real time, capturing login credentials and 2FA tokens before forwarding them to the legitimate server. Key features include bulletproof hosting and continuous updates for six months. It is marketed as an easy-to-use, 2-in-1 solution costing $2000, and includes pre-purchase testing to demonstrate its effectiveness in real-world attacks.
References:
- Cyber Security News: Report on Astaroth 2FA phishing kit targeting multiple platforms.
- gbhackers.com: GBHackers article on the Astaroth kit.
- SlashNext: Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception.
- cyberpress.org: Astaroth 2FA Phishing Kit Exploits Gmail, Yahoo, Office 365, and Third-Party Accounts
- slashnext.com: Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins
- gbhackers.com: gbhackers.com
- www.cysecurity.news: Details about Astaroth, including its features and marketing.
- MSSP feed for Latest: MSSPalert brief on the Astaroth phishing kit.
- hackread.com: Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts
Classification:
- HashTags: #PhishingKit #2FA #Astaroth
- Company: Gmail, Microsoft, Yahoo
- Target: Users of Gmail, Yahoo, Office 365
- Attacker: Astaroth Phishing Kit Developers
- Product: Gmail, Yahoo, AOL, O365
- Feature: Bypassing 2FA
- Malware: Astaroth
- Type: Malware
- Severity: High