New Phishing Framework Starkiller Proxies Real Login Pages to Bypass MFA

A highly sophisticated phishing framework named Starkiller has recently emerged, offering attackers an advanced method to steal credentials and bypass multi-factor authentication. 🚨

The primary delivery channel for this threat is deceptive email messages containing malicious links. When a target clicks the link, the framework spins up a hidden web browser inside a secure container to load the actual brand website in real time. The attacker’s server then acts as a middleman, forwarding the victim’s keystrokes, passwords, and multi-factor authentication codes directly to the legitimate service. 🔒

Because victims interact with the genuine website through a proxy, the impact is severe, leading to rapid account takeovers and widespread session hijacking. This malicious infrastructure also includes specialized tools designed for financial fraud, capturing credit card details and cryptocurrency wallet recovery phrases. 💳

Traditional security defenses struggle to stop this proxy-based approach because the framework eliminates the static files that defenders typically block. Since the malicious server relays the exact content of the legitimate portal, page fingerprinting tools cannot distinguish fake sessions from real ones.

This post is licensed under CC BY 4.0 by the author.