A new phishing kit known as Astaroth has been targeting billions of Gmail and Outlook users, rendering standard phishing defenses ineffective. Attackers use a reverse proxy to intercept requests after luring victims into clicking malicious links, leading to a fraudulent login page.
The technique enables hackers to perform a man-in-the-middle attack, making it difficult for victims to distinguish between their usual login process and a manipulated sign-in. Astaroth can steal login credentials, operating system information, device details, and IP addresses. It also captures session cookies, allowing attackers to access 2FA codes immediately after they are sent.
The malware is being distributed via Telegram and cybercrime marketplaces, making it hard for security personnel to track its distributors. To protect yourself, double-check the URL of your login page, never access accounts through links from strangers, and use a reliable web security solution.
Source: https://hothardware.com/news/phishing-kit-targets-gmail-outlook-users