☢️ATTENTION ATTENTION ☢️
👁️Hackers create a system to bypass two-factor authentication and can now shop online
Your 2FA protection is at risk due to a new phishing kit created by cybercriminals. Google, Microsoft, and other platform accounts can be hacked. Currently, one of the biggest concerns for Gmail and Outlook users is phishing emails. From ransomware to trojans and other high-level malware, they are becoming increasingly common on these platforms. There are ways to stop cybercriminal attempts with cybersecurity recommendations, but unfortunately, hackers are achieving powerful attacks with new strategies, so powerful that they could evade Two-Factor Authentication (2FA) protection.
2FA is supposed to be one of the strongest security layers, as it prevents hackers from executing most of their tactics, but a new kit called 'Astaroth' is exploiting all the vulnerabilities of the most commonly used platforms on the Internet. Discovered by the SlashNext team, concerns arise about the high infiltration capacity of the Astaroth phishing kit, which has been lurking since January 2025, taking several victims with an almost unstoppable implementation.
It is probably one of the most dangerous strategies that have been created so far since it works differently than many others because it directly impacts Two-Factor Authentication through the real-time collection of credentials.
How is it able to overcome this protection? According to informants, it uses a reverse proxy technique similar to another kit called EvilGinx. The process is that the user enters their data on a platform, it acts as an intermediary and intercepts the confidential data without raising suspicion because it incorporates SSL certificates.
Services like Gmail, Outlook, Yahoo, Microsoft 365, and others, which are normally used to directly access similar platforms, are the primary targets of Astaroth. If they manage to obtain this data, they can infiltrate other accounts and expand to wreak havoc on various sites of the affected person. At first glance, it seems inevitable, but it is all a matter of being careful while browsing. This kit is focused on capturing 2FA tokens and cookies, so to avoid it, it is necessary to be wary of the URLs you access. Most of these attacks can come from WhatsApp messages from unknowns and other applications or SPAM emails. They often convince you to click on a link where they pose as a legitimate company and insist you enter your data.
Do nothing before checking the source; if you are going to enter any promotion or anything tempting from an online store or if you received a notification and want to access your account, do so by going directly to the official page and not from the link they send you.
👁️Do not click on any link before verifying its legitimacy and source.
No click on any link, not even those published to claim rewards on Binance Square, or your funds may be at risk 👁️#BTCBelow80K #BTCbitcoin
