Threat Intelligence, Phishing, Identity

New Starkiller phishing kit bypasses MFA, mimics legitimate sites

Privacy concept: computer keyboard with Key icon and word Phishing on enter button background, 3d render

(Adobe Stock)

According to The Hacker News, a new phishing suite named Starkiller has emerged, designed to circumvent multi-factor authentication (MFA) by proxying legitimate login pages. This sophisticated tool, advertised by the Jinkusu threat group, offers cybercriminals a platform to impersonate brands and capture user credentials.

Starkiller operates by launching a headless Chrome browser within a Docker container, acting as a reverse proxy between the target and the genuine website. This ensures that phishing pages are always up-to-date and difficult for security vendors to detect. The kit centralizes infrastructure management, page deployment, and session monitoring, lowering the barrier for less skilled attackers.

This development follows similar trends, such as the evolution of the 1Phish kit targeting 1Password users with advanced features like OTP harvesting.

Source: The Hacker News

Related

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Basic AuthenticationBotnetBrute ForceCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Covert ChannelsDomain HijackingFault Line AttacksMorris WormReconnaissance

You can skip this ad in 5 seconds