This New Microsoft 365 Attack Can Break Through Your 2FA: Here’s How


Adding two-factor authentication (2FA) to your account security is always a good idea, but it’s not impenetrable. Hackers are finding new ways to skirt these defenses and access people’s accounts. For example, a new phishing attack can access Microsoft 365 accounts, even if the target has 2FA enabled.

Rockstar 2FA Is Stealing People’s 2FA Codes


As reported by Trustwave, the Rockstar 2FA phishing kit is a unique set of malicious tools that cybercriminals can purchase on the black market for $200. This kit gives the criminals everything they need to break into someone’s Microsoft 365 account, even if they have 2FA enabled.

Here’s how it works: A bad actor sends out phishing emails claiming that the target must log into their Microsoft 365 account. The email contains a link to a fake Microsoft 365 page, either stating that they’ve received a new document or making up fake threats that must be addressed by accessing the account.

Usually, a phishing attack is no more complex than this. However, the Rockstar 2FA phishing kit has a trick up its sleeve: it acts as an adversary-in-the-middle (AiTM). When the user enters their username and password into the fake login page, Rockstar 2FA relays those details to the legitimate Microsoft 365 login page in real time.

Microsoft's servers accept the password and send back the 2FA challenge, which Rockstar 2FA relays to the user. The user completes the challenge, believing they are signing in normally, and Microsoft issues an authenticated session cookie. Rockstar 2FA captures that cookie, and because it represents an already-completed login, the attacker can use it to access the victim's account without ever seeing the 2FA code themselves.
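Because the attacker ends up holding a session cookie that was issued after a genuine 2FA login, one defender-side check is to look for the same session being presented from a second, unrelated IP address shortly after the login that completed MFA. The following is an added example, not code from the article or from Trustwave; the record fields (`ts`, `user`, `session_id`, `ip`, `mfa`) and the sample events are constructed for illustration and do not follow Microsoft's sign-in log schema.

```python
"""
Flag AiTM-style session-cookie replay in (constructed) sign-in records.

Assumption: each record carries the session identifier the service bound to
the login, plus the client IP and timestamp. Field names are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Alice completes MFA from one
# address; minutes later her session id is presented from a different one.
# Bob's session is only ever used from the address that completed MFA.
SAMPLE_EVENTS = [
    {"ts": "2024-11-29T09:00:00", "user": "alice@example.com",
     "session_id": "sess-A1", "ip": "203.0.113.10", "mfa": True},
    {"ts": "2024-11-29T09:04:00", "user": "alice@example.com",
     "session_id": "sess-A1", "ip": "198.51.100.77", "mfa": False},
    {"ts": "2024-11-29T10:00:00", "user": "bob@example.com",
     "session_id": "sess-B7", "ip": "203.0.113.22", "mfa": True},
    {"ts": "2024-11-29T11:30:00", "user": "bob@example.com",
     "session_id": "sess-B7", "ip": "203.0.113.22", "mfa": False},
]


def find_session_replays(events, window=timedelta(hours=1)):
    """Return (user, session_id, mfa_ip, other_ip) for each session id that
    is reused from a different IP within `window` of its MFA-backed login."""
    by_session = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        by_session[event["session_id"]].append(event)

    alerts = []
    for session_id, session_events in by_session.items():
        # The MFA-completed event is the genuine login that minted the cookie.
        origin = next((e for e in session_events if e["mfa"]), None)
        if origin is None:
            continue
        t0 = datetime.fromisoformat(origin["ts"])
        for event in session_events:
            age = abs(datetime.fromisoformat(event["ts"]) - t0)
            if event["ip"] != origin["ip"] and age <= window:
                alerts.append((event["user"], session_id, origin["ip"], event["ip"]))
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_EVENTS):
        print("possible session replay:", alert)
```

A real deployment would key on the identity provider's own session or token identifier and compare ASN or geolocation rather than raw IP equality, since mobile users legitimately change addresses.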

How to Stay Safe From Rockstar 2FA

Fortunately, as dangerous as Rockstar 2FA is, it still relies on traditional phishing tactics to get the victim onto its fake login page. As such, if you know how to recognise a phishing email and avoid following its links, you should stay safe from this nefarious attack.
