-
@ SLCW
2025-02-23 06:13:28
Heads up... There's a new 2FA phishing kit for attackers to target Google, Microsoft, Yahoo, and other 3rd party logins.
Astaroth distinguishes itself by not only intercepting login credentials but also by rapidly capturing 2FA authentication tokens and session cookies as they are generated. This real-time interception, enabled by a reverse proxy mechanism, allows attackers to bypass 2FA defenses with remarkable speed and precision.
The attack is initiated by prompting the target to visit a phishing URL that presents a login page identical to the one they think they're visiting. So, be vigilant and be sure that the links you follow are authentic. And keep an eye on your browser's SSL connection information.
https://slashnext.com/blog/astaroth-a-new-2fa-phishing-kit-targeting-gmail-yahoo-aol-o365-and-3rd-party-logins/