SUMMARY
- Rockstar 2FA Uncovered: Trustwave uncovers Rockstar 2FA, a phishing-as-a-service (PhaaS) platform targeting Microsoft 365 accounts with advanced tooling.
- 2FA Bypass: Features include 2FA cookie harvesting, antibot protections, and fake login pages mimicking legitimate services.
- Credential Theft: Attackers capture login credentials and session cookies through adversary-in-the-middle (AiTM) tactics.
- Large Impact: Linked to over 5,000 phishing domains and large-scale attacks across multiple industries since May 2024.
- Accessible to Hackers: Affordable subscriptions make phishing accessible to attackers with minimal technical skills.
Cybersecurity researchers at Trustwave have discovered “Rockstar 2FA,” a phishing-as-a-service platform designed to help hackers and script kiddies bypass two-factor authentication (2FA) and gain unauthorized access to Microsoft 365 accounts.
This platform has already been linked to a surge in large-scale adversary-in-the-middle (AiTM) attacks targeting users across multiple sectors and regions, which have succeeded in stealing Microsoft 365 credentials from unsuspecting victims.
How Rockstar 2FA Works
Rockstar 2FA is an upgraded version of the DadSec/Phoenix phishing kit, which was behind some of the most widespread global phishing campaigns in 2023, including attacks on major U.S. school districts in December 2023.
The platform’s features include 2FA bypass, 2FA cookie harvesting, antibot protection, login page themes mimicking popular services, fully undetectable (FUD) links, and Telegram bot integration.
Rockstar 2FA also provides a user-friendly admin panel that lets customers track the status of their phishing campaigns, generate URLs and attachments, and customize themes. The platform is offered as a subscription service, with prices starting at $200 for a two-week subscription.
The Phishing Campaign
The phishing campaign associated with Rockstar 2FA uses various email delivery mechanisms, including compromised accounts and abused legitimate services such as email marketing platforms. The emails are designed to trick victims into entering their credentials on a fake login page that mimics Microsoft 365.
Most importantly, once a victim clicks on a malicious link, they are redirected to a landing page that presents a Cloudflare Turnstile challenge. This challenge is designed to prevent automated analysis of the phishing page and only allows legitimate users to proceed. If the user passes the challenge, they are presented with a phishing page that closely resembles the sign-in page of the brand being imitated.
Once the victim enters their credentials, the AiTM server acts as a proxy, forwarding the credentials to Microsoft’s legitimate service to complete the authentication process. Once authentication is complete, the server captures the session cookie, which can be used by the attackers to gain direct access to the victim’s account, even when it is protected by MFA.
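Because the stolen cookie is replayed from the attacker’s own machine, the session that was minted during the proxied sign-in shows up later from a different client. The following detection heuristic, an added example that is not part of the Trustwave report or this article, runs over constructed sign-in telemetry and flags sessions reused from a different IP and user agent shortly after an MFA sign-in; the event names and field names (`user`, `session`, `ip`, `ua`, `event`, `ts`) are assumptions, not a real identity provider’s schema.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in telemetry (not real logs); field names are assumed.
SAMPLE_EVENTS = [
    # alice: MFA sign-in arrives via one host, the session is then used from another
    {"ts": "2024-08-12T09:00:00", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.10", "ua": "Edge/127", "event": "signin_mfa_success"},
    {"ts": "2024-08-12T09:06:00", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.77", "ua": "Chrome/120", "event": "token_use"},
    # bob: same device, new IP (e.g. Wi-Fi to mobile network) -> not flagged
    {"ts": "2024-08-12T10:00:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "203.0.113.55", "ua": "Edge/127", "event": "signin_mfa_success"},
    {"ts": "2024-08-12T10:20:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "192.0.2.8", "ua": "Edge/127", "event": "token_use"},
    # carol: different device, but two days later -> outside the window, not flagged
    {"ts": "2024-08-12T11:00:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "203.0.113.90", "ua": "Safari/17", "event": "signin_mfa_success"},
    {"ts": "2024-08-14T11:00:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "198.51.100.5", "ua": "Firefox/128", "event": "token_use"},
]


def find_replay_candidates(events, window_minutes=60):
    """Return (user, session, signin_ip, use_ip) for every session that is used
    from a different IP *and* a different user agent within window_minutes of
    its MFA sign-in. Heuristic only: VPN/NAT changes and browser upgrades can
    produce false positives, so treat hits as triage leads, not verdicts."""
    signins = {}  # (user, session) -> (sign-in time, ip, ua)
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["user"], e["session"])
        if e["event"] == "signin_mfa_success":
            signins[key] = (ts, e["ip"], e["ua"])
            continue
        if e["event"] != "token_use" or key not in signins:
            continue
        s_ts, s_ip, s_ua = signins[key]
        recent = ts - s_ts <= timedelta(minutes=window_minutes)
        if recent and e["ip"] != s_ip and e["ua"] != s_ua:
            hits.append((e["user"], e["session"], s_ip, e["ip"]))
    return hits


if __name__ == "__main__":
    for hit in find_replay_candidates(SAMPLE_EVENTS):
        print("possible AiTM session replay:", hit)
```

In a real deployment the same logic would key on the identity provider’s session or token identifier and would be complemented by the sign-in IP itself (a proxy host rather than the user’s usual network) as a second signal.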
The Impact
According to Trustwave’s blog post shared with Hackread.com ahead of publishing on Monday, the Rockstar 2FA platform has led to large-scale phishing attacks using sophisticated tactics, techniques, and procedures (TTPs).
The platform’s ability to bypass 2FA protections has increased the likelihood of secondary attacks, such as account takeovers, launching phishing campaigns from compromised accounts, or carrying out business email compromise (BEC) attacks.
What’s more, the Rockstar 2FA platform has been linked to over 5,000 hits on urlscan.io since May 2024, with a notable increase in activity in August 2024.
“One distinguishable characteristic of this campaign is the incorporation of car-themed web pages. Via urlscan.io, we were able to find over 5,000 hits of car-themed domains linked to this campaign since May 2024.”
Trustwave
According to Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium, “PhaaS platforms like Rockstar 2FA are lowering the cost of entry for new attackers, mainly through mobile devices. By providing ready-made phishing kits, these platforms eliminate the need for extensive technical skills or resources usually required for phishing attacks.”
The growing use of Rockstar 2FA highlights how phishing has become a highly lucrative tactic for cybercriminals. To stay safe, avoid clicking links or downloading attachments from unknown emails, double-check before entering your credentials on a login page, and scan links and files using tools like VirusTotal.
For employees, simulated phishing training is far more effective than basic cybersecurity training in helping them recognize and respond to phishing threats.