New Phishing Kit Starkiller Defeats Multi-Factor Authentication

Abnormal has discovered a new phishing kit that allows bad actors to steal usernames and passwords with a toolkit that spoofs live login pages and bypasses multi-factor authentication (MFA) protections.

Most phishing kits depend on static HTML clones of login pages, which, while effective, are inherently fragile. Even a small interface update from the brand being impersonated can instantly reveal the deception. 

“A new framework called Starkiller (not to be confused with the legitimate BC Security red team tool of the same name) takes a different approach,” Abnormal researchers said.

A Commercial-grade Platform

It is being sold openly as a commercial-grade cybercrime platform by a threat group calling itself Jinkusu. This scourge is being distributed like a SaaS solution.

“It launches a headless Chrome instance (a browser that operates without a visible window) inside a Docker container, loads the brand’s real website, and acts as a reverse proxy between ...