'Starkiller' Phishing Service Proxies Real Login Pages, MFA

20 hours ago
  • #MFA-bypass
  • #phishing
  • #cybersecurity
  • Starkiller is a new phishing-as-a-service offering that dynamically loads real login pages and acts as a relay, capturing credentials and MFA codes.
  • The service uses deceptive URLs that mimic legitimate domains, routing traffic through attacker-controlled infrastructure.
  • Starkiller provides real-time session monitoring, keylogging, cookie theft, geo-tracking, and automated alerts via Telegram.
  • The phishing service bypasses traditional detection methods like domain blocklisting and static page analysis.
  • Starkiller is part of the Jinkusu threat group's offerings, which include a user forum for support and feature requests.
  • The article highlights the need for better browser warnings for URLs containing '@' symbols to prevent credential theft.
  • Phishing-resistant MFA and hardware security tokens are recommended to mitigate such attacks.
  • The service lowers the barrier to entry for novice cybercriminals, making advanced phishing techniques more accessible.
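
The points above about deceptive URLs and '@' symbols suggest a check that a mail gateway or proxy can run on links. The block below is an added example, not code from the article or from the service: it uses the WHATWG URL parser (the rules browsers apply) to report the host a link really connects to and flags links whose userinfo, the text before '@', is shaped like a different hostname. The helper names and the `.example` URLs are assumptions constructed for illustration.

```javascript
// Added example. Sample URLs are constructed and use reserved .example names;
// analyzeUrl and looksLikeHostname are hypothetical helper names.

// True when the string is shaped like a DNS name, e.g. "login.bank.example".
function looksLikeHostname(s) {
  return /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i.test(s);
}

function analyzeUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: the same rules a browser applies
  } catch {
    return { parsed: false, host: null, userinfo: null, verdict: "unparseable" };
  }
  if (url.username === "" && url.password === "") {
    // An '@' in the path or query is not userinfo and does not change the host.
    return { parsed: true, host: url.hostname, userinfo: null, verdict: "ok" };
  }
  let userinfo = url.username;
  try {
    userinfo = decodeURIComponent(url.username); // undo %2F, %40 and similar
  } catch {
    // Malformed percent-escape: keep the raw form.
  }
  // Compare only the leading host-shaped part of the userinfo, so
  // "login.bank.example/signin" (written with %2F) is still recognised.
  const lead = userinfo.split(/[\/?#:@]/)[0];
  const mimicsHost = looksLikeHostname(lead) &&
    lead.toLowerCase() !== url.hostname.toLowerCase();
  return {
    parsed: true,
    host: url.hostname, // where the connection actually goes
    userinfo,           // what the reader sees before the '@'
    verdict: mimicsHost ? "userinfo-mimics-host" : "has-userinfo",
  };
}

const samples = [
  "https://login.bank.example@relay.example/auth",
  "https://login.bank.example%2Fsignin@relay.example/",
  "https://deploy:token123@git.corp.example/repo.git",
  "https://social.example/@alice",
];
for (const s of samples) {
  const r = analyzeUrl(s);
  console.log(`${r.verdict.padEnd(22)} host=${r.host}  ${s}`);
}
```

Links with the `has-userinfo` verdict carry embedded credentials without imitating a host; whether to block or only log them is a policy choice.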