A newly emergent phishing kit called Astaroth is targeting login credentials from popular services like Microsoft, Gmail, and Yahoo. This kit uses an evilginx-style reverse proxy to enable man-in-the-middle attacks while evading two-factor authentication.
The phishing kit works by distributing malicious links that redirect users to a fake website, tricking them into providing their login credentials. The attackers then steal the stolen credentials and use them for malicious purposes.
Astaroth is available on Telegram for $2,000 and offers additional features such as bulletproof hosting and six months of support and updates. Experts warn that Astaroth’s sophistication makes it harder to detect and defend against.
“Having the infrastructure running on providers who don’t cooperate with law enforcement will make it more difficult to take down these malicious actors,” said Thomas Richards, Principal Consultant at Black Duck.
Source: https://www.msspalert.com/brief/advanced-stealthy-astaroth-phishing-kit-emerges