A method to get around two-factor authentication has been developed by hackers and is now for sale online
Phishing emails are currently a major worry for users of Gmail and Outlook. On these platforms, ransomware, Trojan horses, and other extremely harmful malware are growing more prevalent.
Cybersecurity guidelines can help prevent cybercriminals' attempts, but hackers are able to launch sophisticated attacks with new tactics that are so potent that they can circumvent two-factor authentication (2FA).
Although 2FA is thought to be one of the most robust security layers, blocking the majority of hacker tactics, a new tool called "Astaroth" takes advantage of every weakness in the most popular online platforms.
Since it is being sold to scammers and other cybercriminals, a lot of people could be impacted right now, making the situation risky.
What makes Astaroth one of the riskiest phishing techniques?
Concerns have been raised regarding the high infiltration capacity of the Astaroth phishing toolkit, which was discovered by the SlashNext team. The toolkit has been in circulation since January 2025 and has trapped many victims through its almost unstoppable propagation.
Given that it operates differently from many other strategies by directly affecting two-factor authentication through real-time credential collection, this is arguably one of the riskiest tactics ever developed.
How is this protection circumvented? Insiders claim that it employs reverse proxy technology, which is comparable to that of another organization known as EvilGinx. The user enters their information into a platform that serves as a middleman and intercepts private information without causing suspicion because it has SSL certificates.
Astaroth's main targets are services like Gmail, Outlook, Yahoo, Microsoft 365, and others that are usually used for direct access to similar platforms. They can take over other accounts and spread to ruin the affected person's numerous websites if they are able to get their hands on this data.
How can we safeguard?
You should abide by the expert-recommended phishing protection guidelines to stay clear of these dangers. The most important rule is not to share your confidential data on any platform or social network.