Cyber Security News

Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins

A new phishing kit named Astaroth has emerged as a significant threat because it defeats two-factor authentication (2FA) in practice: rather than breaking the second factor, it relays the victim's password and one-time code to the real service in real time and steals the session that the service issues in return.

First advertised on cybercrime networks in January 2025, Astaroth combines session hijacking with real-time credential interception to compromise accounts on Gmail, Yahoo, Office 365 and other third-party logins.

Advanced Techniques for Bypassing 2FA

Unlike traditional phishing kits that rely on static fake login pages to collect credentials, Astaroth uses an Evilginx-style reverse proxy that sits between the victim and the real login service and intercepts authentication data in real time.

Acting as an adversary in the middle, the kit serves the legitimate login pages through an attacker-controlled domain that carries a valid TLS certificate, so the browser shows the padlock and no certificate warning. The certificate only proves that the connection to the attacker's domain is encrypted; it says nothing about whether that domain is the real one.

When the user enters credentials and a 2FA code on the proxied page, Astaroth records them and forwards them to the legitimate server, which accepts them and issues a session.

According to SlashNext, the phishing kit captures not only usernames and passwords but also session cookies and 2FA tokens (e.g., SMS codes or app-generated codes).

Because the session cookie is issued only after the password and second factor have been verified, replaying it is enough: the attacker imports the cookie into their own browser and the service treats that browser as the victim's already-authenticated session, with no further password or 2FA prompt until the session expires or is revoked.

Real-time alerts via a web panel or Telegram notifications enable attackers to act immediately after capturing the data.
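The relay and replay described above, as an added in-process model written for this page (not Astaroth's or SlashNext's code). The real identity provider, the phishing proxy and the victim are all simulated; the origin names, the test user and the RFC 6238 TOTP test secret are constructed. It also shows the caveat a defender wants: the same proxy that relays a TOTP code cannot relay a WebAuthn-style assertion, because the signed client data names the origin the browser actually talked to.

```python
"""Toy adversary-in-the-middle (AitM) phishing proxy: relays password + TOTP,
captures the resulting session cookie, and fails against an origin-bound
(WebAuthn-style) assertion. Added example; no network, everything in-process."""
import hashlib
import hmac
import secrets
import struct
import time

REAL_ORIGIN = "https://login.example.com"                # assumed real IdP origin
PHISH_ORIGIN = "https://login.example.com.attacker.test"  # assumed phishing domain


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, i.e. the code an authenticator app shows."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def _sign(key: bytes, origin: str, challenge: str) -> str:
    # Stand-in for the authenticator's signature over clientDataJSON (origin + challenge).
    return hmac.new(key, f"{origin}|{challenge}".encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """The legitimate login service; issues a session cookie after a successful login."""

    def __init__(self):
        # Constructed test user; the TOTP secret is the RFC 6238 test vector.
        self.users = {"alice": {"password": "correct horse battery staple",
                                "totp_secret": b"12345678901234567890",
                                "webauthn_key": secrets.token_bytes(32)}}
        self.sessions = {}       # cookie -> user
        self.challenges = set()  # outstanding WebAuthn challenges

    def login_password_totp(self, user, password, code, now):
        u = self.users.get(user)
        if not u or password != u["password"] or not hmac.compare_digest(code, totp(u["totp_secret"], now)):
            return None
        return self._issue(user)

    def begin_webauthn(self):
        challenge = secrets.token_hex(16)
        self.challenges.add(challenge)
        return challenge

    def login_webauthn(self, user, assertion):
        u = self.users.get(user)
        if not u or assertion["challenge"] not in self.challenges:
            return None
        self.challenges.discard(assertion["challenge"])
        # Relying-party check from the WebAuthn spec: the origin inside the signed
        # client data must be this site's origin. A relayed assertion carries the
        # phishing origin, so it is rejected even though the victim really signed it.
        if assertion["origin"] != REAL_ORIGIN:
            return None
        expected = _sign(u["webauthn_key"], assertion["origin"], assertion["challenge"])
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None
        return self._issue(user)

    def _issue(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        """Any request carrying a valid cookie is the logged-in user; 2FA is not re-checked."""
        return self.sessions.get(cookie)


class PhishingProxy:
    """Relays every message to the IdP unchanged and records what passes through."""

    def __init__(self, idp):
        self.idp, self.captured = idp, []

    def relay_password_totp(self, user, password, code, now):
        cookie = self.idp.login_password_totp(user, password, code, now)
        self.captured.append({"user": user, "password": password, "totp": code, "cookie": cookie})
        return cookie

    def relay_webauthn(self, user, assertion):
        cookie = self.idp.login_webauthn(user, assertion)
        self.captured.append({"user": user, "assertion": assertion, "cookie": cookie})
        return cookie


def run_demo(now=None):
    """Returns (totp_session_replayable, webauthn_relay_succeeded)."""
    now = int(time.time()) if now is None else now
    idp = IdentityProvider()
    proxy = PhishingProxy(idp)
    alice = idp.users["alice"]

    # 1. Victim types password and the current app code into the proxied page.
    proxy.relay_password_totp("alice", alice["password"], totp(alice["totp_secret"], now), now)
    stolen_cookie = proxy.captured[-1]["cookie"]
    # Attacker pastes the captured cookie into their own browser: accepted, no 2FA prompt.
    totp_session_replayable = idp.whoami(stolen_cookie) == "alice"

    # 2. Victim uses a passkey on the proxied page. The browser, not the page,
    #    fills in the origin, and it fills in the proxy's domain.
    challenge = idp.begin_webauthn()  # the proxy relays the real challenge
    assertion = {"origin": PHISH_ORIGIN, "challenge": challenge,
                 "sig": _sign(alice["webauthn_key"], PHISH_ORIGIN, challenge)}
    webauthn_relay_succeeded = proxy.relay_webauthn("alice", assertion) is not None
    return totp_session_replayable, webauthn_relay_succeeded


if __name__ == "__main__":
    print(run_demo())  # (True, False)
```

The model is deliberately simplified: in a real browser the passkey would not even be offered for a domain whose RP ID does not match, and the authenticator signs a hash of the full clientDataJSON rather than a string, but the property that matters is the same. The TOTP path succeeds because nothing in a six-digit code ties it to the site it was typed into; the WebAuthn path fails because the origin is inside the signed data.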

Image caption: The attacker's web panel that stores session information.

Key Features and Distribution

Astaroth is sold for $2,000 on cybercrime forums and Telegram channels, offering six months of updates and support.

It includes features such as:

  • Real-time credential capture: intercepts usernames, passwords, 2FA tokens and session cookies as the victim submits them.
  • TLS certificates on the phishing domains: the browser shows a padlock and no certificate warning.
  • Bulletproof hosting: hosted with providers that ignore abuse reports and takedown requests, in jurisdictions with limited regulatory oversight.
  • Bypass techniques: methods to get past the reCAPTCHA and BotGuard bot-detection checks on the login flow.

The kit is marketed openly, and the seller even offers a test before purchase to demonstrate its capabilities.

This openness attracts both experienced cybercriminals and newcomers.

Astaroth’s sophistication highlights the growing challenges of defending against phishing attacks.

By relaying the second factor instead of attacking it, the kit defeats the 2FA methods most users rely on, SMS codes and app-generated codes, because nothing in such a code ties it to the site it was typed into. Phishing-resistant methods such as FIDO2/WebAuthn security keys and passkeys are the exception: the browser includes the real origin in the signed response, so an assertion produced on the proxy's domain is rejected by the legitimate service.

The kit’s ability to hijack authenticated sessions in real-time poses a severe risk to individuals and organizations alike.

Experts emphasize the need for enhanced cybersecurity measures.

Real-time threat detection across web, email and mobile channels is critical. On the account side, cookie replay has a recognisable shape: a session is established through one client (the proxy) and then used from a different network and browser, so alerting on that change and revoking the session is a direct countermeasure.
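A worked detection, added for this page and not taken from SlashNext or from the kit: a small rule run over constructed identity-provider log lines that flags sessions used by a client other than the one they were issued to. The log format (JSON per line with ts, event, session_id, user, ip, user_agent) and the sample entries are assumptions for the example.

```python
"""Flag session cookies that are used from a different client than the one
they were issued to, the footprint of a replayed cookie after an AitM phish.
Added example with an assumed log format; the log lines are constructed."""
import json
from datetime import datetime

# Constructed sample log lines, not real telemetry.
#  s1: issued via one client, then used minutes later from another IP and browser (replay).
#  s2: normal session, same client throughout.
#  s3: same browser, new IP 20 minutes later (could be roaming; reported as medium).
SAMPLE_LOGS = """
{"ts":"2025-02-17T09:00:00Z","event":"session_issued","session_id":"s1","user":"alice","ip":"203.0.113.10","user_agent":"Mozilla/5.0 (Windows NT 10.0) Chrome/122"}
{"ts":"2025-02-17T09:00:05Z","event":"request","session_id":"s1","user":"alice","ip":"203.0.113.10","user_agent":"Mozilla/5.0 (Windows NT 10.0) Chrome/122"}
{"ts":"2025-02-17T09:03:40Z","event":"request","session_id":"s1","user":"alice","ip":"198.51.100.77","user_agent":"Mozilla/5.0 (X11; Linux x86_64) Firefox/121"}
{"ts":"2025-02-17T09:10:00Z","event":"session_issued","session_id":"s2","user":"bob","ip":"192.0.2.5","user_agent":"Mozilla/5.0 (Macintosh) Safari/17"}
{"ts":"2025-02-17T09:20:00Z","event":"request","session_id":"s2","user":"bob","ip":"192.0.2.5","user_agent":"Mozilla/5.0 (Macintosh) Safari/17"}
{"ts":"2025-02-17T09:30:00Z","event":"session_issued","session_id":"s3","user":"carol","ip":"192.0.2.40","user_agent":"Mozilla/5.0 (iPhone) Safari/17"}
{"ts":"2025-02-17T09:50:00Z","event":"request","session_id":"s3","user":"carol","ip":"198.51.100.9","user_agent":"Mozilla/5.0 (iPhone) Safari/17"}
"""


def parse(log_text):
    """Yield one dict per non-empty line, with ts as a timezone-aware datetime."""
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        yield rec


def detect_session_replay(log_text, window_minutes=60):
    """Return one alert per session whose requests come from a client other than
    the one it was issued to. A User-Agent change is a strong signal: a cookie
    injected into another browser arrives with that browser's UA. An IP-only
    change inside the window is weaker (mobile networks, VPNs) and is 'medium'."""
    issued = {}   # session_id -> the session_issued record
    alerts = {}   # session_id -> first alert for that session
    for rec in parse(log_text):
        sid = rec["session_id"]
        if rec["event"] == "session_issued":
            issued[sid] = rec
            continue
        origin = issued.get(sid)
        if origin is None or sid in alerts:
            continue
        ua_changed = rec["user_agent"] != origin["user_agent"]
        ip_changed = rec["ip"] != origin["ip"]
        age_min = (rec["ts"] - origin["ts"]).total_seconds() / 60
        if ua_changed:
            severity = "high"
        elif ip_changed and age_min <= window_minutes:
            severity = "medium"
        else:
            continue
        alerts[sid] = {"session_id": sid, "user": rec["user"], "severity": severity,
                       "issued_from": (origin["ip"], origin["user_agent"]),
                       "used_from": (rec["ip"], rec["user_agent"]),
                       "minutes_after_issue": round(age_min, 1)}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_LOGS):
        # Response for a 'high' hit: revoke the session and force a fresh login.
        print(alert)
```

Run against the sample, s1 is reported as high (new IP and new browser within four minutes of issue) and s3 as medium (same browser, new IP); s2 produces nothing. Tuning the window and adding ASN or geolocation comparison are the usual refinements; the point is that replay is visible at the service even when the login itself looked normal.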

Additionally, educating users to recognize phishing attempts remains essential.

For instance, users should avoid clicking links in unexpected emails and instead navigate directly to the official website, or a saved bookmark, to check account activity; a correct-looking page with a padlock is not evidence that the link was genuine.

As phishing kits like Astaroth become more accessible and sophisticated, they lower the barrier for cybercriminals to execute highly effective attacks.

This underscores the importance of adopting proactive security strategies to mitigate evolving threats.


Aman Mishra
