Advanced stealthy Astaroth phishing kit emerges

Hackread reports that login credentials for Microsoft, Gmail, Yahoo, and other authentication services are being targeted by the newly emergent Astaroth phishing kit, which leverages an evilginx-style reverse proxy to enable man-in-the-middle attacks while evading two-factor authentication.

Intrusions with Astaroth involve the distribution of malicious links that redirect to a seemingly legitimate website, which lures targets into providing their login credentials that are later pilfered, an analysis from SlashNext revealed. Aside from circumventing headless detection and facilitating account credential and cookie exfiltration, Astaroth, which is being peddled for $2,000 on Telegram, also offers bulletproof hosting and half a year's worth of support and updates for its users.

Astaroth "shows an alarming amount of sophistication. All the usual defenses and things to look out for that we train users on are harder to spot with this attack. Having the infrastructure running on providers who don't cooperate with law enforcement will make it more difficult to take down these malicious actors," said Black Duck Principal Consultant and Network and Red Team Practice Director Thomas Richards.
