Phishing

Novel Starkiller phishing kit harnesses legitimate login sites

Cybernews reports that Microsoft, Google, Apple, Facebook, and other platforms have had their legitimate login pages exploited by the new Starkiller phishing kit for credential theft.

Starkiller, which is operated and sold by the Jinkusu operation, deploys a browser with an invisible window within a Docker container to load the legitimate login page while serving as a reverse proxy to capture data provided by targets, according to an Abnormal AI report. Attackers could also leverage the phishing kit's 'Active Targets' dashboard for real-time session monitoring. Such a threat should prompt increased vigilance for suspicious login patterns and reused session tokens from unlikely locations, as well as the implementation of identity-aware session analysis, said researchers.

"This is especially true at the inbox level, where analyzing the behavioral context of each email rather than relying solely on the content of the links it contains offers the most effective way to stop these attacks before they reach end users," researchers added.
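As an added illustration of the advice above to watch for reused session tokens from unlikely locations (example code, not from the Abnormal AI report or SC Media; the event fields, the one-hour window and the sample data are constructed assumptions), the following flags a session token that reappears from a different network shortly after it was issued:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the report). Assumed fields: time, user,
# hashed session token id, source country, source ASN (documentation range),
# user agent.
EVENTS = [
    ("2025-01-10T09:00:00", "alice", "tok-a1", "US", 64496, "Chrome/131 Windows"),
    ("2025-01-10T09:05:00", "alice", "tok-a1", "US", 64496, "Chrome/131 Windows"),
    ("2025-01-10T09:10:00", "bob", "tok-b7", "DE", 64497, "Firefox/133 Linux"),
    ("2025-01-10T09:12:00", "bob", "tok-b7", "NL", 64500, "Chrome/131 Linux"),
    ("2025-01-10T11:00:00", "carol", "tok-c3", "FR", 64498, "Safari/18 macOS"),
    ("2025-01-11T08:00:00", "carol", "tok-c3", "FR", 64499, "Safari/18 macOS"),
]

def find_token_reuse(events, window=timedelta(hours=1)):
    """Return alerts for tokens replayed from a new network after issuance."""
    by_token = defaultdict(list)
    for ts, user, token, country, asn, agent in events:
        by_token[token].append((datetime.fromisoformat(ts), user, country, asn, agent))

    alerts = []
    for token, seen in by_token.items():
        seen.sort(key=lambda e: e[0])
        first_ts, user, first_country, first_asn, first_agent = seen[0]
        for ts, _, country, asn, agent in seen[1:]:
            reasons = []
            if country != first_country:
                reasons.append("country_changed")
            if asn != first_asn:
                reasons.append("asn_changed")
            if agent != first_agent:
                reasons.append("user_agent_changed")
            # A network change alone is common (mobile, VPN); require it to be
            # fast, or to coincide with a different client fingerprint.
            network_moved = "country_changed" in reasons or "asn_changed" in reasons
            fast = ts - first_ts <= window
            if network_moved and (fast or "user_agent_changed" in reasons):
                alerts.append({"user": user, "token": token, "reasons": reasons,
                               "seconds_after_issue": int((ts - first_ts).total_seconds())})
                break  # one alert per token is enough to trigger review
    return alerts

if __name__ == "__main__":
    for alert in find_token_reuse(EVENTS):
        print(alert)
```

In production the same comparison would run against identity-provider sign-in logs, with the first-seen network taken from the authentication event that minted the token.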
