Gmail and Outlook users issued urgent warning over new login attack

Author: Noora Mykkanen
Published: Feb 21, 2025 16:10

Hackers are now targeting Gmail and Outlook accounts with an attack that can bypass even extra security layers. Most of us check our emails regularly without paying much attention to them, so it is all too easy to forget that they can be a convenient entry point for cybercriminals.

Image Credit: Metro [Hacker using laptop. Lots of digits on the computer screen.]

Now, a new sophisticated phishing attack that can even work around two-factor authentication (2FA) has been revealed by security experts, with Gmail, Yahoo and Microsoft accounts at particular risk. Astaroth, the ominously named tool, can get around two-factor authentication through ‘session hijacking and real-time credential interception,’ SlashNext discovered.

Image Credit: Metro [A screenshot of what a fake email login website will look like when users are being attacked by new phishing tool Astaroth.]

Here is how it works, so you can avoid falling victim to the latest phishing attack as new tools are developed. With the new attack, hackers first send a link to email users. The link then redirects them to a malicious server where a fake sign-in page appears.

Image Credit: Metro [A screenshot of what a fake email login website will look like when Gmail, Outlook and Yahoo users are being attacked by new phishing tool Astaroth.]

To make matters worse, the fake page does not activate security warnings on the device. The phishing tool then acts as a malicious middleman between the user and the legitimate website. When the unaware victim enters their login credentials, it captures sensitive data such as the username, password and IP address before forwarding them to the legitimate website's server.

Image Credit: Metro [A screenshot of what a fake email login website will look like when Gmail, Outlook and Yahoo users are being attacked by new phishing tool Astaroth, with what the cybercriminal will see in their notifications when successful.]

These details ‘allow attackers to replicate the victim’s session environment and reduce detection risks during login,’ SlashNext experts said.

Can two-step authentication stop the attack?

Unfortunately, the tool will automatically get hold of the 2FA token in real time, as it intercepts the details as soon as the oblivious user enters them.

This means that even the text message verification codes that appear stealthy cannot protect against this type of attack. Possibly thousands of miles away from the victim, the cybercriminal will be notified ‘through a web panel interface and Telegram notifications’ when the user enters their details.

Astaroth is currently sold on dark web marketplaces, where fraudsters can buy it for around £1,580 ($2,000). The brazen sellers are even promoting it on Telegram channels and cybercrime forums. ‘Unfortunately, the accessibility of these platforms, combined with the anonymity they offer, makes it quite difficult for law enforcement to track and disrupt its sales,’ the experts said.

It comes after another Gmail attack warning which targets users with realistic-sounding AI calls telling people their account has been compromised.
