- VoidProxy is a new phishing-as-a-service platform targeting Microsoft 365 and Google Accounts
- Attacks begin from compromised email addresses and use fake login pages hosted on disposable domains
- Phishing kits now include automation, support and GenAI-enhanced content, making campaigns more convincing and harder to detect
Cyber criminals are using a brand new phishing-as-a-service (PhaaS) platform called VoidProxy to steal people's Microsoft 365 and Google accounts, including those protected by two-factor authentication, according to security researchers. Okta recently discovered one of these campaigns and described it as sophisticated and evasive.
A PhaaS kit is a ready-made solution that can be purchased or rented, even by non-technical, low-skilled cyber criminals, to launch successful phishing campaigns.
It is essentially a plug-and-play solution for digital fraud that includes fake site templates, email and SMS spoofing tools, a data-harvesting backend and various customization options. In some cases, kits also come with customer support, tutorials and automation functions.
Works around MFA
In this case, the attack starts from a legitimate but compromised email address. This helps the spam message make it past different filters and into people's inboxes. The emails try to redirect people to fake Microsoft 365 and Google login sites hosted on low-cost, readily available domains such as .icu, .sbs, .cfd, .xyz, .top and .home.
Victims are asked to log in to these services, and those whose accounts are protected by multi-factor authentication (MFA), such as Okta for SSO, are then redirected to a separate phishing page.
The traffic between the victim and the attacker is relayed to the legitimate service, and the codes sent and received are grabbed in transit. VoidProxy can intercept and copy the session cookie, essentially giving the attacker access even without logging in.
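Because the proxy, not the victim, completes the real login, the stolen session is issued to one client and then used from another. The following added example (not from the original article or from Okta's report) flags that pattern in constructed sign-in records; the field names and the 10-minute window are assumptions.

```python
from collections import defaultdict

# Constructed activity records; the field names are assumptions, not a real IdP log schema.
SAMPLE_EVENTS = [
    {"ts": 100, "user": "alice", "session": "s-1", "ip": "198.51.100.7", "ua": "Chrome/Win", "event": "mfa_success"},
    {"ts": 160, "user": "alice", "session": "s-1", "ip": "198.51.100.7", "ua": "Chrome/Win", "event": "mail_read"},
    {"ts": 200, "user": "bob", "session": "s-2", "ip": "203.0.113.20", "ua": "Chrome/Win", "event": "mfa_success"},
    {"ts": 230, "user": "bob", "session": "s-2", "ip": "192.0.2.55", "ua": "Firefox/Linux", "event": "mail_read"},
    {"ts": 300, "user": "carol", "session": "s-3", "ip": "198.51.100.9", "ua": "Safari/Mac", "event": "mfa_success"},
    {"ts": 9000, "user": "carol", "session": "s-3", "ip": "198.51.100.44", "ua": "Safari/Mac", "event": "mail_read"},
]


def find_replayed_sessions(events, window=600):
    """Flag sessions whose client (IP, user agent) changes within `window` seconds of MFA."""
    by_session = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_session[ev["session"]].append(ev)

    alerts = []
    for session, evs in by_session.items():
        # The client that completed MFA is treated as the session's legitimate owner.
        origin = next((e for e in evs if e["event"] == "mfa_success"), None)
        if origin is None:
            continue  # session start is outside this log slice; nothing to compare against
        for ev in evs:
            moved = (ev["ip"], ev["ua"]) != (origin["ip"], origin["ua"])
            delay = ev["ts"] - origin["ts"]
            # A change long after login is more likely roaming; the window is a tunable heuristic.
            if moved and 0 < delay <= window:
                alerts.append({"user": ev["user"], "session": session,
                               "issued_to": origin["ip"], "reused_from": ev["ip"],
                               "delay_s": delay})
                break  # one alert per session is enough to trigger review
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

A hit is a trigger for session revocation and review, not proof of compromise, since VPN toggles and network changes produce the same pattern.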
Phishing attacks have become much more dangerous and sophisticated in the last few years. In addition to being able to steal two-factor authentication codes, the attacks also benefit from generative artificial intelligence (GenAI) tools, as phishing emails in the pre-GPT era were marred by spelling and grammar errors as well as linguistic discrepancies and unified blocks.
Via BleepingComputer



