Until now, two-factor authentication has been a fairly effective barrier against phishing. The idea is simple: even if an attacker obtains your credentials, they cannot log in without that extra code (sent by SMS or generated by an app).
Phishing more cunning than ever
Except that Astaroth defeats this system with a reverse-proxy technique of the "Evilginx" type. Concretely, when a victim clicks a booby-trapped link, they are redirected to a fake site that looks like the original (Gmail, Microsoft, Yahoo, etc.). This fake site acts as an intermediary between the victim and the real service. The user enters their credentials and, instead of simply being stored as in classic phishing, they are forwarded live to the real site.
That is where Astaroth's strength lies: as soon as the user enters their 2FA code, the attacker captures it instantly. Within seconds, they can log in to the targeted account as if they were its owner.
It all starts with a simple malicious link. Once it is clicked, the victim lands on a perfect copy of the site they meant to visit. Nothing looks suspicious: the URL seems normal, the padlock is there thanks to a valid SSL certificate, and the interface is identical to the original.
But as soon as the user enters their credentials and 2FA code, Astaroth captures all of this information. The attacker can then inject it into their own browser and access the account, without the victim suspecting anything.
Astaroth is sold on cybercrime forums for around $2,000. The kit includes six months of updates and access to new attack techniques. As a bonus, buyers can test the service before purchasing, to make sure it works.
The kit's success also rests on its hosting. It is often hosted on servers located in countries that cooperate poorly with Western authorities, which makes taking it down harder. For law enforcement the battle is tough: Astaroth is mainly distributed via Telegram and on the black market, platforms where anonymity complicates investigations.
Faced with this kind of threat, a few reflexes are essential: never click on a suspicious link received by email or SMS. Enable two-factor authentication, but preferably with a physical security key (such as a YubiKey) rather than a one-time code. Always check the URL of the site before entering your credentials. And use a password manager, which can detect fake sites because it only fills in credentials on the exact domain they were saved for.
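The article recommends a physical security key over one-time codes; the simulation below, added here and not part of the original article, shows why a relayed login fails when the second factor is origin-bound (FIDO2/WebAuthn): the browser writes the origin it is actually on into the signed client data, so a proxy on a lookalike domain fails the server's origin check, and rewriting that field breaks the signature. The domain names and the credential key are constructed placeholders, and an HMAC stands in for the key's real signature.

```python
import hashlib
import hmac
import json

# Constructed values for the demo; they are not from the article or any real service.
RP_ID = "accounts.example.com"              # relying-party ID the security key was registered for
EXPECTED_ORIGIN = "https://accounts.example.com"
CREDENTIAL_KEY = b"demo-credential-secret"  # stands in for the key pair stored on the security key


def sign(client_data: bytes, auth_data: bytes) -> bytes:
    # HMAC stands in for the ECDSA signature a real key produces; what gets signed is the same.
    return hmac.new(CREDENTIAL_KEY, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

def authenticate(challenge: str, origin_seen_by_browser: str) -> dict:
    """Simulated browser + security key. The browser, not the page, fills in `origin`,
    so a proxy on another domain cannot get the real origin written into the signed data."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin_seen_by_browser},
        sort_keys=True).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest()  # rpIdHash, written by the authenticator
    return {"client_data": client_data, "auth_data": auth_data, "sig": sign(client_data, auth_data)}

def verify(a: dict, issued_challenge: str) -> tuple[bool, str]:
    """Relying-party side: the WebAuthn assertion checks, simplified."""
    data = json.loads(a["client_data"])
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if data.get("challenge") != issued_challenge:
        return False, "challenge mismatch (replay or wrong session)"
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {data.get('origin')}"
    if a["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not hmac.compare_digest(sign(a["client_data"], a["auth_data"]), a["sig"]):
        return False, "bad signature"
    return True, "ok"

def proxied_login(challenge: str, proxy_origin: str) -> tuple[bool, str]:
    """Victim completes the ceremony on the proxy's domain; the proxy forwards the assertion as-is."""
    return verify(authenticate(challenge, proxy_origin), challenge)

def proxied_login_with_rewrite(challenge: str, proxy_origin: str) -> tuple[bool, str]:
    """Proxy patches `origin` in clientDataJSON to the real one; the signature no longer covers it."""
    a = authenticate(challenge, proxy_origin)
    patched = json.loads(a["client_data"])
    patched["origin"] = EXPECTED_ORIGIN
    a["client_data"] = json.dumps(patched, sort_keys=True).encode()
    return verify(a, challenge)
```

In a real browser the ceremony fails even earlier: the credential is scoped to the RP ID, and the browser refuses to exercise it from a domain that does not match, so the victim never produces an assertion at all.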