Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts

A new phishing kit, Astaroth, bypasses two-factor authentication (2FA) by using a reverse proxy and real-time credential capture. Astaroth captures login credentials, authentication tokens, and session cookies, allowing attackers to hijack accounts even with 2FA enabled. The kit is sold on Telegram and promoted on cybercrime forums and marketplaces, highlighting its sophistication and effectiveness.