Microsoft and Google Users Warned—Rockstar 2FA Bypass Attacks Incoming
Rockstar 2FA exploit kit targets Google and Microsoft users. Subscription rates for the kit start at $200 for two weeks. Attackers use FUD links and legitimate platforms to bypass 2FA.
Security researchers Diana Solomon and John Kevin Adriano from Trustwave SpiderLabs have uncovered a widespread threat campaign utilising an attacker-in-the-middle strategy to steal session cookies and circumvent 2FA protections.
The Rockstar 2FA kit, an upgraded version of the DadSec phishing kit, is associated with threat actor Storm-1575, known for orchestrating significant phishing campaigns in 2023. With a growing number of subscribers accessing the Rockstar 2FA kit through underground channels, the number of campaigns built on it is rising. The kit offers various subscription options, starting at US$200 for two weeks, and gives cybercriminals 2FA bypass, antibot protection, multiple login page themes, and more.
One of the key features of Rockstar 2FA is the creation of fully undetectable (FUD) links, designed to evade URL-based detection systems. By exploiting legitimate platforms like Microsoft OneDrive, OneNote, and Google Docs Viewer, attackers can redirect users to phishing landing pages discreetly, making it challenging for users to identify malicious URLs. These tactics highlight the sophistication of modern phishing attacks and the importance of staying vigilant online.
To combat the evolving threat landscape, experts recommend enabling 2FA whenever possible and adopting additional security measures like security keys to enhance protection against phishing attacks. Understanding how attackers exploit vulnerabilities in authentication systems is crucial in safeguarding personal information and preventing unauthorised access to accounts.
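The attacker-in-the-middle technique described above works because a password or one-time code relayed through the attacker's proxy looks identical to one typed on the real site, so the proxy can complete the login and capture the resulting session cookie. The security-key recommendation works for a different reason: a WebAuthn assertion is bound by the browser to the origin it actually visited, and the key only holds credentials for the relying-party ID it was registered with. The script below is an added example, not code from the article, Forbes, Trustwave or any phishing kit. It models that origin binding with constructed names (login.example as the real site, login-example.attacker.invalid as the proxy), a simplified authenticatorData layout, and an HMAC stand-in for the key's public-key signature.

```python
"""Why phishing-resistant security keys defeat attacker-in-the-middle (AitM) phishing.

Added example, not code from the article or Trustwave's report. It models the
WebAuthn assertion flow with stand-ins: HMAC replaces the public-key signature and
all origins, rpIds and secrets are constructed for the demo.
"""
import hashlib
import hmac
import json
import secrets

# Constructed values (assumptions for the demo, not from the article).
RP_ID = "login.example"
RP_ORIGIN = "https://login.example"
PHISHING_ORIGIN = "https://login-example.attacker.invalid"


def rp_id_hash(rp_id: str) -> bytes:
    """First 32 bytes of WebAuthn authenticatorData: SHA-256 of the relying-party ID."""
    return hashlib.sha256(rp_id.encode()).digest()


class Authenticator:
    """Security-key stand-in: credentials are scoped to the rpId they were registered for."""

    def __init__(self):
        self.credentials = {}  # rpId -> credential secret

    def register(self, rp_id: str) -> bytes:
        secret = secrets.token_bytes(32)
        self.credentials[rp_id] = secret
        return secret  # a real key hands out a public key; the HMAC stand-in shares the secret

    def get_assertion(self, rp_id: str, client_data_json: bytes):
        """Returns an assertion, or None if no credential exists for this rpId."""
        secret = self.credentials.get(rp_id)
        if secret is None:
            return None
        auth_data = rp_id_hash(rp_id) + b"\x01" + (0).to_bytes(4, "big")  # UP flag, counter
        to_sign = auth_data + hashlib.sha256(client_data_json).digest()
        return {
            "clientDataJSON": client_data_json,
            "authenticatorData": auth_data,
            "signature": hmac.new(secret, to_sign, hashlib.sha256).digest(),
        }


def browser_authenticate(auth: Authenticator, page_origin: str, challenge: str):
    """The browser, not the page, fills in the origin and derives the rpId from its host."""
    rp_id = page_origin.split("://", 1)[1].split("/", 1)[0]
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    return auth.get_assertion(rp_id, json.dumps(client_data, sort_keys=True).encode())


def rp_verify(secret: bytes, challenge: str, assertion) -> tuple:
    """Relying-party checks in spec order; HMAC stands in for signature verification."""
    if assertion is None:
        return False, "no assertion"
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != challenge:
        return False, "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != rp_id_hash(RP_ID):
        return False, "rpIdHash mismatch"
    to_sign = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(secret, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def legitimate_login() -> tuple:
    """User is on the real origin: the key has a credential and the RP accepts it."""
    auth = Authenticator()
    secret = auth.register(RP_ID)
    challenge = secrets.token_urlsafe(32)  # issued by the RP
    return rp_verify(secret, challenge, browser_authenticate(auth, RP_ORIGIN, challenge))


def aitm_login() -> tuple:
    """Reverse-proxy phishing: the RP's real challenge is relayed unchanged to the victim,
    but the browser is on the phishing origin, so the key finds no credential for that rpId."""
    auth = Authenticator()
    secret = auth.register(RP_ID)
    challenge = secrets.token_urlsafe(32)
    return rp_verify(secret, challenge, browser_authenticate(auth, PHISHING_ORIGIN, challenge))


def aitm_with_forged_credential() -> tuple:
    """Contrived: even if an assertion could be produced for the phishing site with the
    same secret, the RP rejects it because clientDataJSON carries the phishing origin."""
    auth = Authenticator()
    secret = auth.register(RP_ID)
    auth.credentials["login-example.attacker.invalid"] = secret
    challenge = secrets.token_urlsafe(32)
    return rp_verify(secret, challenge, browser_authenticate(auth, PHISHING_ORIGIN, challenge))


if __name__ == "__main__":
    print("legitimate:", legitimate_login())
    print("AitM relay:", aitm_login())
    print("AitM, forged credential:", aitm_with_forged_credential())
```

The two failure paths are the point: the relay never gets an assertion at all, and a contrived one would still fail the origin check before the signature is even examined. Neither check exists for a relayed password or SMS/app code, which is why the session-cookie theft described in the article works against those factors but not against a security key.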
Trustwave SpiderLabs researchers have issued a warning about threat actors utilising QR codes to embed malicious URLs, a tactic known as "quishing." This method allows threat actors to bypass traditional detection systems that focus on visible links. An example highlighted by the researchers involved a PDF document mimicking DocuSign, containing only a QR code instructing users to sign the document using a smartphone camera.
The researchers also noted that attacks involving Rockstar 2FA often employ multi-stage phishing chains, utilising various legitimate services to host malicious links and evade detection. This layered approach aims to conceal phishing pages from email gateways, making detection more challenging.
Paul Walsh, CEO at MetaCert and a co-founder of the W3C Mobile Web Initiative, emphasised the flaws in current threat intelligence for phishing protection. Walsh highlighted that reliance on historical data is ineffective, as new URLs are designed to evade existing intelligence. He stressed that criminals exploit gaps in outdated security strategies rather than using new methods, making it crucial to update security measures.
Walsh argued that blaming individuals for falling victim to phishing attacks is misguided, attributing the issue to inadequate security measures. He cautioned against trusting "trusted sources" and advised against link hovering, as sophisticated phishing campaigns can convincingly mask the true destination. MetaCert advocates for a zero-trust approach, treating every URL as untrusted until verified as safe.
For further insights, the full Trustwave SpiderLabs report on phishing-as-a-service kits, including Rockstar 2FA, is available in three detailed parts. It is recommended to review the report to stay informed about evolving threats in the cybersecurity landscape.
Source: FORBES