Tuesday, May 13, 2025

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security


Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.”

Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections—an alarming escalation in the ongoing battle between defenders and cyber attackers.

A Toolkit Purpose-Built to Evade 2FA and MFA

According to SlashNext, SessionShark operates as an adversary-in-the-middle (AiTM) attack platform, targeting Office 365 logins. Its core feature is the interception of user session cookies—the tokens that prove a user’s successful MFA login.

The primary interface for SessionShark

By stealing these tokens, attackers can hijack sessions that are already authenticated, rendering MFA useless, because the victim has already supplied the credentials and the MFA code.

This mirrors tactics seen in other advanced phishing kits, such as Tycoon 2FA, elevating the potential for widescale breaches.

The features of SessionShark

Clever Stealth and Anti-Detection Features

SessionShark’s promotional materials boast a comprehensive array of anti-detection technologies:

  • Advanced Antibot Technology: The toolkit uses human verification, like CAPTCHAs, to block web crawlers, automated security scanners, or sandboxes. This clever filtering ensures phishing pages are primarily exposed to real users, not security researchers, reducing the chance of detection and takedown.
  • Cloudflare Compatibility: The kit is optimized for deployment behind Cloudflare’s network. This not only obscures the actual hosting server but also thwarts IP-based blocking, a popular defense tactic. Using Cloudflare as a proxy, SessionShark lowers technical barriers for attackers seeking stealth and resilience.
  • Enhanced Stealth Capabilities: Developers have implemented techniques such as custom HTTP headers and evasive scripting to evade detection from threat intelligence and anti-phishing services. Additionally, SessionShark can block known threat intelligence crawlers and manipulate page content dynamically for further obfuscation.
  • Highly Realistic Office 365 Login Pages: The phishing interfaces mimic Microsoft’s login workflows with alarming accuracy, dynamically adapting to different devices and error scenarios. This makes detection by end-users increasingly difficult, even for those who are security savvy.
  • Instant Session Logging via Telegram: The toolkit integrates with Telegram, delivering stolen credentials and session tokens to attackers in real time. This instant notification enables rapid account takeovers, frequently outpacing traditional corporate incident response.

In a tactic borrowed from legitimate SaaS models, SessionShark is marketed with polished subscription packages and supposed “educational” intentions, offering customer support via Telegram.

 The ‘educational’ terms of service for SessionShark

While the developers emphasize “for ethical hacking” and “educational purposes,” all signs point to a tool built for criminal abuse.

The emergence of SessionShark underscores a dangerous trend: As phishing kits become more advanced and accessible, even organizations with strong MFA adoption face new risks.

Security teams are urged to monitor for session anomalies, educate users about phishing techniques, and consider layered defenses beyond MFA to stay ahead of evolving threats.
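One way to monitor for the session anomalies mentioned above, shown as an added example that is not from the original article or from SlashNext: it flags a session ID that later appears from a different IP address and user agent than the ones that completed MFA. The event schema, field names and sample log lines are constructed assumptions, not the format of any specific Microsoft 365 log.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events. Field names are a hypothetical normalised schema,
# not the layout of any particular Microsoft 365 log export.
EVENTS = [
    {"time": "2025-05-13T09:00:05Z", "user": "alice@example.com", "session_id": "s-1001",
     "ip": "192.0.2.10", "user_agent": "Edge/124 (Windows)", "mfa": True},
    {"time": "2025-05-13T09:04:40Z", "user": "alice@example.com", "session_id": "s-1001",
     "ip": "203.0.113.77", "user_agent": "Firefox/125 (Linux)", "mfa": False},
    {"time": "2025-05-13T10:15:00Z", "user": "bob@example.com", "session_id": "s-2002",
     "ip": "198.51.100.5", "user_agent": "Chrome/124 (macOS)", "mfa": True},
    {"time": "2025-05-13T11:30:00Z", "user": "bob@example.com", "session_id": "s-2002",
     "ip": "198.51.100.99", "user_agent": "Chrome/124 (macOS)", "mfa": False},
]

def parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_session_anomalies(events):
    """Compare each event in a session with the event that completed MFA."""
    sessions = defaultdict(list)
    for event in events:
        sessions[event["session_id"]].append(event)
    findings = []
    for session_id, items in sessions.items():
        items.sort(key=lambda e: parse_time(e["time"]))
        # Baseline: the MFA-backed sign-in, or the earliest event if none was logged.
        baseline = next((e for e in items if e["mfa"]), items[0])
        for event in items:
            if event is baseline:
                continue
            ip_changed = event["ip"] != baseline["ip"]
            ua_changed = event["user_agent"] != baseline["user_agent"]
            if not (ip_changed or ua_changed):
                continue
            delta = parse_time(event["time"]) - parse_time(baseline["time"])
            findings.append({
                "session_id": session_id,
                "user": event["user"],
                # A new IP alone is often roaming; new IP plus new client is not.
                "severity": "high" if ip_changed and ua_changed else "low",
                "seconds_after_mfa": int(delta.total_seconds()),
                "seen_ip": event["ip"],
            })
    return findings

if __name__ == "__main__":
    for finding in find_session_anomalies(EVENTS):
        print(finding)
```

A high-severity finding is a candidate for revoking the user's active sessions and forcing re-authentication, not proof of compromise on its own.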

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
