The newly discovered Astaroth phishing kit, uncovered by SlashNext researchers, is designed to bypass two-factor authentication (2FA) by using an evilginx-style reverse proxy to intercept login credentials and session tokens in real-time. Unlike traditional phishing kits, Astaroth dynamically captures authentication data, including usernames, passwords, and 2FA tokens, allowing attackers to hijack sessions without needing repeated access. Victims are tricked into clicking malicious links that redirect them to fake but realistic login pages, where their credentials and session cookies are stolen and forwarded to attackers via a web panel and Telegram alerts. The kit is sold on cybercrime forums for $2,000, including bulletproof hosting and updates, making it highly attractive to threat actors. Security experts warn that Astaroth’s sophistication makes it harder for users to detect phishing attempts, emphasizing the importance of verifying login prompts directly rather than clicking on links in suspicious emails. Continue here.
