EMAIL users have been warned of a dangerous new phishing attack that swipes their login details and accesses accounts. The attack "bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception," according to researchers at SlashNet, who discovered the scam. Cyber crooks will send a link to email users, which will infect their device as soon as they click it.
![[Screenshot of a login screen prompting the user to select a provider (Google, Yahoo, Microsoft, AOL) to continue.]](https://www.thesun.co.uk/wp-content/uploads/2025/02/image4.png?strip=all&w=872)
This link will redirect users to a malicious server that shows as a fake sign-in page. The fake page "mirrors" the legitimate sign-in page - so there are no security warnings. Most people will assume they are on the legitimate site. Users then, unknowingly, enter their login details into the fake page, handing access to their accounts to fraudsters. The new phishing campaign, known as Astaroth, "distinguishes itself by not only intercepting login credentials but also by rapidly capturing 2FA authentication tokens and session cookies as they are generated," researchers added.
![[Screenshot of a Google account verification process on a computer, showing a notification to verify the account via a mobile phone.]](https://www.thesun.co.uk/wp-content/uploads/2025/02/image2.png?strip=all&w=872)
This allows attackers to bypass two-factor authentication protections "with remarkable speed and precision.". So, even if you are sent an SMS code to access your email account, the attackers can intercept it. There are plenty of phishing scams out there that deploy fake login pages. But Astaroth is particularly sophisticated, SlashNext warned in its report, because of its ability to capture all authentication data in real time.
"Astaroth significantly raises the bar, rendering conventional phishing methods and their inherent security measures largely ineffective," said researchers. The Astaroth phishing kit is currently being sold on the dark web, where cyber criminals can buy it for $2,000 and six months worth of updates. HERE's what you need to know:. Over the weekend, Gmail users were warned of a new AI-fuelled scam that steals their personal information and hijacks their accounts.
The FBI first warned about the attacks in May last year. The "devastating" attack saw not just funds stolen from accounts but also victims' identities. FBI Special Agent in Charge, Robert Tripp, said: "Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. "These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.".
