Starkiller Phishing Kit Bypasses MFA via Live Proxies

A new, highly effective phishing tool has emerged, allowing cybercriminals to reliably bypass multi-factor authentication protections used by millions. According to researchers at Abnormal, the Starkiller platform, developed by a group called Jinkusu, operates by acting as a real-time reverse proxy between a victim and a legitimate website, serving a perfect, live copy of the login page from inside a Docker container. This method captures every keystroke and session token, making traditional security fingerprinting and blocklists ineffective.

Consequently, this technique eliminates the need for attackers to manually update their fake pages, as they always mirror the current live site. Meanwhile, the threat landscape continues to evolve with other sophisticated methods, including one campaign that compromises Microsoft 365 accounts by tricking users into entering an attacker-supplied device code on Microsoft’s own domain, granting the attacker persistent access.

Separately, financial institutions are facing a multi-stage attack that uses spoofed domains to trigger a fraudulent Cloudflare CAPTCHA page before redirecting to credential harvesting sites, as detailed by BlueVoyant. These campaigns employ advanced evasion chains with referrer validation and code obfuscation to hinder automated security tools. The rise of kits like Starkiller and the evolving 1Phish platform shows a trend toward criminal “as-a-service” offerings that centralize attack management and lower the technical barrier to entry for fraudsters.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Solana Struggles to Surpass $90 Resistance Amid Volatility
• Bitcoin Holds $67K Amid ETF Outflows, Geopolitical Strains
• Crypto Exchanges Embed AI ‘Brains’ Into Wallets
• Riot Platforms Reports Record $647.4M Revenue in 2025
• Ethereum Whale Spends $10.9M on 5K ETH Amid Market Dip