Date: 2025-07-17

A phishing attack bypassing FIDO keys was reported by Expel on Thursday.

The attack abuses QR codes generated for cross-device sign-in to enable attackers to log in to victims’ accounts.

Fast IDentity Online (FIDO) cryptographic private keys are bound to physical devices, providing stronger multi-factor authentication (MFA) than methods like SMS or email that could potentially be remotely compromised.

Cross-device authentication using FIDO allows a user with one device holding a private key to log into another device that does not hold the key. This is meant to provide convenience in scenarios such as logging in to a public computer or new device that is not yet enrolled with FIDO. Typically, a mobile device with a camera like a phone or tablet is used to scan a QR code on the second device during login, verifying that the user has possession of the FIDO key-holding device.

In the attack observed by Expel, the attacker set up a spoofed Okta login page that automatically relayed the entered credentials into the legitimate Okta portal, in a man-in-the-middle (MitM) style attack. This phishing page, hosted at the typosquatted domain okta[.]login-request[.]com, was sent to the victim in an email.

To bypass FIDO, the attacker requested cross-device authentication at the next login stage on the legitimate portal, causing Okta to generate a QR code that was automatically relayed back to the victim on the spoofed page.

The victim scanned the QR code using their authenticator app, unwittingly providing the attacker access to their account. Expel reported that, although the attacker successfully logged in, no further malicious activity was observed in this case.

Expel suspects the attack is connected to the PoisonSeed campaign, a cluster of phishing attacks that has leveraged compromised accounts to target cryptocurrency wallets since at least April 2025.
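A defender-side check for the kind of lookalike sign-in host described above, as an added example (not from Expel or SC Media): it refangs an indicator such as the one in the article and flags hosts that carry the brand as a label but do not sit under an allow-listed sign-in domain. `BRAND`, `LEGIT_DOMAINS` and every sample other than the article's domain are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the brand token to watch for and the domains
# the organization really signs in through. Substitute your own tenant's.
BRAND = "okta"
LEGIT_DOMAINS = {"okta.com"}


def refang(indicator: str) -> str:
    """Undo common defanging so the indicator parses as a host or URL."""
    return (indicator.replace("[.]", ".").replace("(.)", ".")
            .replace("[:]", ":").replace("hxxp", "http"))


def hostname_of(indicator: str) -> str:
    """Return the lowercase hostname of a URL or bare host string."""
    text = refang(indicator.strip())
    if "://" not in text:
        text = "//" + text  # makes urlsplit read a bare host as the netloc
    return (urlsplit(text).hostname or "").rstrip(".")


def is_under(host: str, domain: str) -> bool:
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(indicator: str) -> str:
    """Return 'legit', 'lookalike' (brand label, wrong domain) or 'unrelated'."""
    host = hostname_of(indicator)
    if any(is_under(host, d) for d in LEGIT_DOMAINS):
        return "legit"
    # Compare whole tokens, not substrings: "booktalk" contains "okta".
    if BRAND in re.split(r"[.-]", host):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "okta[.]login-request[.]com",             # domain named in the article
        "https://example-tenant.okta.com/login",  # constructed
        "hxxps://okta.com.signin.example/",       # constructed
        "https://booktalk.example/",              # constructed
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

Token matching trades recall for precision: a host such as `myokta.example` would not be flagged, so a mail or proxy filter built on this would pair it with other signals.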
Identity, Phishing, Threat Intelligence, IAM Technologies
Phishing attack abuses QR codes to bypass FIDO keys