Millions of users accessing their Gmail, Outlook, AOL, and Yahoo accounts every day now face a significant security threat. If you believe that two-factor authentication (2FA) guarantees your safety, you might want to reconsider. A new type of attack has been identified that can effectively circumvent 2FA by utilizing session hijacking and real-time credential interception. The hazardous sign-in page to be wary of is illustrated below.

This warning comes from SlashNext, which recently released a report detailing a new phishing toolkit named Astaroth. On compromised devices, this toolkit initiates a man-in-the-middle attack between the user and the actual login page, “capturing login credentials, tokens, and session cookies in real time, effectively nullifying 2FA measures.”

The toolkit was first promoted last month and is notable for not only gathering login details but also for swiftly acquiring 2FA authentication tokens and session cookies as they are created. The threat posed by this toolkit lies in its “real-time interception, facilitated by a reverse proxy mechanism, allowing attackers to bypass 2FA protections with astonishing speed and accuracy.”

As always, these attacks begin with a click on a malicious link. Hence, exercising caution can prevent these incidents if you adhere to basic safety protocols, such as not clicking on links found in emails, messages, or social media. A link may redirect you to a counterfeit server designed to mimic the appearance and functionality of the authentic domain, relaying your traffic between you and the legitimate login page. If you choose Google, you will find yourself on the fake sign-in page.

Users will not notice any warning signs, mistakenly believing they are on a secure website. Meanwhile, the man-in-the-middle attack captures your data and communicates behind the scenes with the actual webpage. “The user agent and IP address enable attackers to duplicate the victim’s session environment, lowering the chances of detection during the login process.”

Your confidence in 2FA security is completely undermined by this method. “Since 2FA is usually involved (e.g., through SMS codes, authenticator applications, or push notifications), Astaroth automatically captures the input of the 2FA token in real time. It instantly alerts the attacker via a web panel interface and Telegram notifications whenever a victim enters a token.”

There are downsides to 2FA, prompting rapid adoption of passkeys. This attack also targets session cookies from your browser, which allows attackers to replicate an authorized session on their own devices. Although there are ongoing updates to address session cookie theft, this is still a major issue.
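A server-side check for the session-cookie replay described above, as an added example that is not from the article or the SlashNext report. The log format, field names, event names and sample records are all constructed for illustration.

```python
# Constructed sample records (not from the article or any real service):
# (timestamp, session_id, client_ip, user_agent, event)
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/131.0"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_0) Safari/17.0"
SAMPLE_LOG = [
    ("2025-01-10T09:00:01Z", "sess-A", "198.51.100.7", CHROME, "login_2fa_ok"),
    ("2025-01-10T09:00:09Z", "sess-A", "198.51.100.7", CHROME, "request"),
    # Same cookie, same (copied) user agent, different network:
    ("2025-01-10T09:03:44Z", "sess-A", "203.0.113.50", CHROME, "request"),
    ("2025-01-10T09:10:00Z", "sess-B", "192.0.2.15", SAFARI, "login_2fa_ok"),
    ("2025-01-10T09:12:30Z", "sess-B", "192.0.2.15", SAFARI, "request"),
]


def find_replayed_sessions(records):
    """Flag session cookies presented by a client that differs from the
    client that completed the 2FA login for that session."""
    origin = {}       # session_id -> (ip, user_agent) recorded at login
    reported = set()  # (session_id, ip, user_agent) already alerted on
    alerts = []
    for ts, sid, ip, ua, event in sorted(records):  # ISO timestamps sort in time order
        if event == "login_2fa_ok":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            continue  # login not in this log window; out of scope here
        login_ip, login_ua = origin[sid]
        ip_changed, ua_changed = ip != login_ip, ua != login_ua
        key = (sid, ip, ua)
        # A copied user agent defeats a UA-only comparison, so either
        # difference on its own is enough to raise the alert.
        if (ip_changed or ua_changed) and key not in reported:
            reported.add(key)
            alerts.append({"session": sid, "time": ts, "seen_ip": ip,
                           "ip_changed": ip_changed, "ua_changed": ua_changed})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

A changed IP also occurs when a legitimate user switches networks, so an alert like this is better used to trigger re-authentication than to block outright.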

This affordable phishing toolkit is readily available. For a price of $2,000, users gain six months of continuous updates, allowing them to access the latest enhancements and evasion techniques. To instill confidence, Astaroth offers potential buyers a trial before purchase, demonstrating its credibility in cybercriminal marketplaces.

It’s crucial to remember that while many phishing tactics remain simple, advancements in AI are making them increasingly sophisticated and harder to detect. The directive is clear: refrain from clicking on links and avoid using pop-up sign-in forms for your accounts—always access them through recognized channels. If you need to verify your login, go directly to the official sign-in page via secure means, never through unsolicited links.
