VoidProxy PhaaS Targets Microsoft 365 and Google Accounts in New Campaign

Phishing-as-a-Service operation called VoidProxy that uses advanced adversary-in-the-middle techniques to bypass traditional multi-factor authentication and steal session tokens from Microsoft 365 and Google accounts.

The five steps of a SIM-swap attack illustrating how fraudsters bypass multi-factor authentication to compromise accounts

Okta has uncovered a sophisticated new emergence of VoidProxy, a highly evasive Phishing-as-a-Service platform that represents a major evolution in credential harvesting attacks.

This previously unreported service demonstrates the growing sophistication of cybercriminal operations and their ability to bypass modern security controls that organizations rely on to protect their digital assets.

VoidProxy operates as a mature, scalable platform that significantly lowers the technical barriers for threat actors to execute sophisticated phishing campaigns against enterprise accounts.

The service employs adversary-in-the-middle techniques to intercept authentication flows in real-time, capturing not only usernames and passwords but also multi-factor authentication codes and session tokens established during legitimate sign-in processes.

Diagram illustrating ...