Cyber Threat Monthly Newsletter from FluidOne
New 2FA Phishing Kit Astaroth Threatens User Logins
IT security has long been a game of cat and mouse, with cyber criminals and security professionals constantly evolving their tactics. A new threat, the Astaroth phishing kit, highlights this ongoing battle by targeting two-factor authentication (2FA)—a security measure once seen as a reliable defence.
Understanding MFA and 2FA
Passwords have traditionally been the primary line of defence in digital security. However, due to their vulnerabilities, multi-factor authentication (MFA) was introduced to enhance protection. MFA requires users to provide two or more forms of identification—commonly passwords alongside biometric data or one-time codes—before granting access. 2FA, a subset of MFA, typically involves just two methods.
What makes Astaroth different?
While MFA and 2FA have significantly improved security, they’re not immune to attack. Phishing remains a popular tactic, with scammers posing as trusted entities to steal credentials. Astaroth takes this a step further.
First appearing in January 2025, Astaroth is a sophisticated phishing kit designed to intercept 2FA codes in real time. It works by creating convincing replicas of legitimate login pages, tricking users into submitting their credentials. Once entered, the kit captures both the password and 2FA code, allowing attackers to access the real site immediately—bypassing what would normally be a strong security barrier.
How the attack works:
- A user receives an email that appears to be from a trusted source (e.g., Microsoft or Gmail).
- Clicking the link directs them to a fake but authentic-looking login page.
- As the user enters their credentials and 2FA code, the kit relays the information to the real site, granting the attacker access.
What sets Astaroth apart is its ability to function as a live "man-in-the-middle," capturing credentials and 2FA tokens in real time. Traditional phishing kits often stop at collecting static login details—this one goes further.
Protecting Yourself
Vigilance is key. To protect against Astaroth and similar threats:
- Be sceptical of unexpected login requests or urgent emails.
- Always double-check URLs—legitimate Microsoft logins, for instance, use https://login.microsoftonline.com.
- When in doubt, contact your IT team before clicking.
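The URL check above can also be automated, for example in a mail gateway or a help-desk triage script. The following is an added example, not part of the original newsletter: the function name `check_login_url`, the one-entry allowlist and the sample links (all on the reserved `.example` TLD) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist holds only the login host named in the article.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}


def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a link that claims to lead to a login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised host, possible lookalike"
    if host in trusted:  # exact comparison, never a substring test
        return True, "exact match with trusted host"
    for good in trusted:
        if good in host:
            return False, "trusted name embedded in a different host"
    return False, "host not on trusted list"


# Constructed sample links; .example is a reserved, non-resolving TLD.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.account-verify.example/",
    "https://login.microsoftonline.com@portal.example/",
    "http://login.microsoftonline.com/",
    "https://login.xn--microsoftonline-abc.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print(f"{'OK  ' if ok else 'FLAG'} {link}  ({reason})")
```

Only the first sample passes: the others show the familiar name placed in a subdomain, before an `@`, over plain HTTP, or in a punycode label, all of which a quick glance at the address bar can miss.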
Need support with your IT security?
Cyber threats evolve constantly, making awareness your best defence. At FluidOne, we offer training to help users stay informed, along with solutions like MFA, mobile device management, and secure networking. To find out how our experts can help protect your business, get in touch today through https://www.fluidone.com/contact, call us at 01273 384100 or email us at brighton@fluidone.com.