Sinister New Phishing Kit Targets Billions Of Gmail And Outlook Users


Phishing attacks continue to surge, with estimates indicating over 800,000 victims in the first quarter of 2024, a 4% rise from the same period the previous year. Attackers persistently try to deceive individuals into revealing their credentials. Two-Factor Authentication (2FA) is commonly relied on as a defense against stolen credentials, on the theory that a compromised password alone is not enough to log in. Cybersecurity researchers have recently described Astaroth, a phishing kit (not to be confused with the older Astaroth banking trojan that shares the name) that relays the victim's entire login in real time to circumvent code-based 2FA, giving attackers access to a victim's Gmail, Outlook or Yahoo account for as long as the stolen session remains valid.

The danger posed by Astaroth stems from its ability to render standard phishing defenses ineffective. After luring a victim into clicking a malicious link, the attacker does not serve a copied login page; instead a reverse proxy sits between the victim and the real Gmail, Outlook, Yahoo or other webmail service and relays the genuine login page through an attacker-controlled domain. This is a man-in-the-middle (more precisely, adversary-in-the-middle) attack. The unsuspecting victim enters their login credentials, believing they are on the legitimate site. The reverse proxy forwards those credentials to the actual login service and passes the real responses back, so the sign-in looks and behaves exactly as it normally would.

Aside from stealing login credentials, Astaroth also records information about the victim's operating system, device and IP address. The most dangerous part of the attack is its handling of 2FA: because the victim's one-time code also travels through the proxy, the kit forwards it to the real service immediately, before it expires, and then captures the session cookie that the service issues once 2FA succeeds. That cookie is what the browser normally presents to stay logged in, so the attacker can replay it against the real service without ever entering a password or a second factor. Because the victim genuinely is logged in at the end, it is extremely hard to distinguish a normal sign-in from one relayed through Astaroth.
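To make the relay concrete, the following is an added example (not code from the article or from the Astaroth kit) that models the flow above entirely in-process: a toy identity provider with a password step and an SMS-style one-time code, a reverse proxy that forwards every request to it, and a victim whose browser is talking to the look-alike host. The host names, account, password and code are all constructed for the illustration. The proxy rewrites the Host header on the way in and the cookie's Domain attribute on the way out, keeps a copy of the password, the one-time code and the session cookie, and the attacker then replays only the cookie against the real service.

```python
"""Model of a reverse-proxy (adversary-in-the-middle) phishing relay.

Constructed example: every host, account, password and code below is
made up. Nothing here talks to a network; the three parties call each
other directly so the exchange can be followed step by step.
"""
import secrets
from dataclasses import dataclass, field

REAL_HOST = "login.example-mail.test"    # assumed legitimate webmail host
PHISH_HOST = "login.example-mai1.test"   # assumed look-alike host (l -> 1)


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


class IdentityProvider:
    """Toy webmail login: password step, then an SMS-style one-time code."""

    def __init__(self):
        self.users = {"victim@example-mail.test": "hunter2"}  # constructed account
        self.pending = {}      # challenge id -> (email, expected code)
        self.sent_codes = []   # what the victim's phone receives
        self.sessions = {}     # session id -> email

    def handle(self, method, path, headers, form):
        if headers.get("Host") != REAL_HOST:
            return Response(400, "wrong host")
        if path == "/password":
            if self.users.get(form["email"]) != form["password"]:
                return Response(401, "bad password")
            cid, code = secrets.token_hex(8), f"{secrets.randbelow(10**6):06d}"
            self.pending[cid] = (form["email"], code)
            self.sent_codes.append(code)                 # "SMS" goes to the victim
            return Response(200, "enter code", {"X-Challenge": cid})
        if path == "/otp":
            email, code = self.pending.pop(form["challenge"], (None, None))
            if code is None or code != form["code"]:
                return Response(401, "bad code")
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = email                   # 2FA done: issue the session
            return Response(200, "inbox", {
                "Set-Cookie": f"SID={sid}; Domain={REAL_HOST}; Secure; HttpOnly"})
        if path == "/inbox":
            sid = headers.get("Cookie", "").removeprefix("SID=")
            return Response(200, "inbox") if sid in self.sessions else Response(401, "login")
        return Response(404, "")


class ReverseProxy:
    """Kit-style relay: forwards requests to the real site, returns the real
    responses unchanged in substance, and keeps a copy of what passes through."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.loot = {}

    def handle(self, method, path, headers, form):
        if path == "/password":
            self.loot.update(email=form["email"], password=form["password"])
        if path == "/otp":
            self.loot["otp"] = form["code"]   # relayed instantly, before it expires
        fwd = dict(headers, Host=REAL_HOST)  # rewrite Host so the real site accepts it
        resp = self.upstream.handle(method, path, fwd, form)
        cookie = resp.headers.get("Set-Cookie")
        if cookie:
            self.loot["session_cookie"] = cookie.split(";")[0]   # "SID=<value>"
            # Rewrite Domain so the victim's browser stores the cookie for the
            # phishing host and the victim sees a normal, logged-in session.
            resp.headers["Set-Cookie"] = cookie.replace(
                f"Domain={REAL_HOST}", f"Domain={PHISH_HOST}")
        return resp


def run_attack():
    """Drive one victim login through the proxy; return what each side ends up with."""
    idp = IdentityProvider()
    proxy = ReverseProxy(idp)
    hdr = {"Host": PHISH_HOST}   # the victim's browser is addressing the look-alike
    r1 = proxy.handle("POST", "/password", hdr,
                      {"email": "victim@example-mail.test", "password": "hunter2"})
    code = idp.sent_codes[-1]    # victim reads the code off their phone and types it in
    r2 = proxy.handle("POST", "/otp", hdr,
                      {"challenge": r1.headers["X-Challenge"], "code": code})
    # Attacker replays only the cookie, straight to the real site: no password, no 2FA.
    replay = idp.handle("GET", "/inbox",
                        {"Host": REAL_HOST, "Cookie": proxy.loot["session_cookie"]}, {})
    return {"victim_status": r2.status, "victim_cookie": r2.headers["Set-Cookie"],
            "loot": proxy.loot, "replay_status": replay.status}


if __name__ == "__main__":
    print(run_attack())
```

The point to take from the model is that the identity provider never sees anything abnormal: the Host header it receives is its own, the password is right, and the code arrives within its validity window. Everything the defence relies on (a code only the victim has) was simply typed into the attacker's relay. The kit has no need to phish the code separately; it only has to be fast. The same property is why authenticators that bind the signed challenge to the origin the browser actually visited (FIDO2/WebAuthn keys and passkeys) cannot be relayed this way: the signature would carry the look-alike origin and the real site would reject it.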


To exacerbate the situation, the kit is being sold and distributed by cyber criminals via Telegram and on several cybercrime marketplaces across the web. Researchers report that the variety of distribution channels and the anonymity of the sellers make it very hard for security teams to track its operators.

If you're wondering how to protect yourself, the basics still matter, but be realistic about what they cover. First, every time you log into your Gmail, Yahoo or Outlook account, check the address bar to ensure you are on the official domain; a relayed page is a pixel-perfect copy of the real site, so the URL is the one thing the attacker cannot forge. Never access your Outlook, Yahoo, Gmail or other accounts through a link someone else sent you; type the address or use a bookmark. Prefer an authentication method that is bound to the site's origin, such as a FIDO2/WebAuthn security key or a passkey, since a relay cannot reuse a signature made for the wrong origin, whereas a code you type can be forwarded. If you suspect you have signed in through a phishing page, changing the password is not enough: sign out of all sessions from the account's security settings so that any stolen session cookie is invalidated. You may also consider using a reliable and up-to-date web security solution.