Hackers have a new tool to access user login information and bypass two-factor authentication on email accounts without the victim ever becoming aware of the security breach.
The tool is available to any bad actor who wants it for $2,000.
Astaroth, named for the Grand Duke of Hell in demonology, is a highly sophisticated ‘phishing kit’ recently introduced on cybercrime forums. The kit acts as an unseen man-in-the-middle to intercept usernames, passwords, and two-factor authentication tokens, such as text codes, all in real time. The kit then forwards the credentials to the legitimate server so that the victim never receives a security warning and remains unaware that his account has been compromised.
Once the bad actor has intercepted the login and security data, he can act immediately to take over the account, making it a fast and easy tool for cybercrime, according to CyberMaterial.
The ‘phishing kit’ features ‘bulletproof hosting,’ which means it is resistant to law enforcement takedown attempts. It also includes six months of updates and support.
Hackers have been using this tool recently to target Gmail, Yahoo, and Microsoft Outlook accounts. The scheme starts with a URL link sent to the email user, which directs him to a fake but realistic-looking sign-in page. Once the unsuspecting victim has entered his login and 2FA information, he is forwarded to the legitimate website server, not realizing that he has just handed over the keys to his account to a bad actor.
“This phishing kit shows an alarming amount of sophistication,” Thomas Richards, principal consultant at Black Duck, told Infosecurity Magazine. “All the usual defenses and things to look out for that we train users on are harder to spot with this attack.”
“The availability of kits like Astaroth lowers the barrier to entry for cybercriminals, empowering less-experienced attackers to execute highly effective attacks,” warned Patrick Tiquet, the vice president of security and architecture at Keeper Security, per Infosecurity Magazine.