2FA Hijacking

A new phishing kit called Astaroth is exploiting a vulnerability in two-factor authentication (2FA), putting millions of Gmail and Outlook users at risk.

The kit, which was first advertised last month, allows hackers to steal 2FA codes and session cookies in real-time, effectively bypassing this critical security measure. This is achieved through a "man-in-the-middle" attack, where the user is redirected to a fake login page that mimics the appearance of the legitimate site.
​

This type of attack bypasses two-factor authentication through session hijacking and real-time credential interception.

Traditional phishing attacks typically capture only primary credentials, leaving 2FA intact. However, Astaroth intercepts all authentication data in real-time, rendering 2FA ineffective.

How the Attack Works:

1. Users click on a malicious link, often disguised within a seemingly legitimate email or message.
2. They are redirected to a fake login page that mirrors the appearance of Gmail, Outlook, or another email platform and you are prompted to login.
3. When users enter their login credentials and 2FA code, this information is instantly captured by the attackers.
4. The attackers can then access the user's account, even though they have the correct 2FA code.

What You Can Do:

• Never click on links in emails or messages, even if they appear to be from a trusted source.
• Always navigate to login pages directly through your browser or app.
• Be wary of any suspicious pop-up windows or requests for personal information.
• Consider using passkeys, a more secure authentication method that is not vulnerable to this type of attack.

This phishing kit is readily available for purchase on cybercrime marketplaces for $2,000, making it a serious threat to users. It is crucial to remain vigilant and follow best practices to avoid falling victim to this attack.

Ep305

Image created by AI