VoidProxy phishing service targets Microsoft

Security researchers at Okta Threat Intelligence have discovered a new cybercrime service that allows attackers to bypass even the most robust security measures.

Researchers have discovered a brand-new Phishing-as-a-Service (PhaaS) platform called VoidProxy. The platform helps hackers obtain login information from Google and Microsoft accounts, including those protected by standard multi-factor authentication (MFA).

In a thorough report on their findings, the researchers state that “VoidProxy represents a mature, scalable, and evasive threat to traditional email security and authentication controls.”

VoidProxy phishing service targets Microsoft: How it works

VoidProxy uses a technique called Adversary-in-the-Middle (AitM). Unlike traditional phishing kits, it lets attackers secretly intercept the authentication flow in real time. This gives them the ability to capture login sessions live, obtaining MFA codes, usernames, passwords, and even the session cookies that keep users logged in.

Criminals can bypass a number of popular MFA techniques, including SMS codes and one-time passwords (OTP) from authenticator apps, by using these stolen session cookies to obtain complete access to victims’ accounts.

Stealthy Delivery Tactics

Okta researchers discovered VoidProxy after noticing unusual activity being blocked by their anti-phishing FastPass authenticator. Upon closer examination, they discovered a massive infrastructure that had previously gone undetected thanks to numerous anti-analysis techniques. These included hiding behind Cloudflare services, sending lures using compromised email accounts, and using cheap, disposable domains like .icu, .xyz, and .top.

Usually, the phishing campaigns start with emails sent from compromised accounts at reputable email service providers. After clicking on the embedded links, victims are taken through a series of CAPTCHA challenges and redirections before arriving at a phony Google or Microsoft login page that looks nearly identical to the real one.

Targeting Single Sign-On (SSO) Users

VoidProxy goes one step further for businesses that use single sign-on (SSO) services like Okta. By creating realistic-looking second-stage login pages that mimic SSO processes, it deceives staff members into divulging even more private information.

VoidProxy’s proxy servers, relaying traffic between the victim and the authenticator service, silently steal login information and cookies once credentials are entered. These stolen credentials are immediately sent to VoidProxy’s admin panel. Hackers can download the stolen data, monitor activity, and even receive Telegram alerts.

Why It’s Dangerous

VoidProxy lowers the bar for cybercrime by providing a user-friendly dashboard and resilient infrastructure. Sophisticated phishing campaigns can be launched by cybercriminals of all skill levels. They can result in financial fraud, data exfiltration, business email compromise (BEC), and lateral movement within victim networks.

The Good News: What Still Works

According to Okta’s research, phishing-resistant authentication is VoidProxy’s main flaw, despite its sophistication. The researchers verified that users who were protected by phishing-resistant authentication techniques, like passkeys and Okta FastPass, could not be duped into divulging credentials; instead, they were alerted that their account was being compromised.
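
Why a relaying proxy cannot pass off a passkey login, as an added example (not from Okta's report or the original article): in WebAuthn the browser records the origin of the page the user is actually on in the signed clientDataJSON, and the relying party rejects any assertion whose origin is not its own. The origins, challenge and function names below are assumptions constructed for illustration, and the signature check is left out.

```python
import base64
import hmac
import json

# Assumed relying-party origin for this illustration (not from the article).
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_client_data(origin: str, challenge: bytes) -> bytes:
    """Constructed sample of the clientDataJSON a browser reports for a page."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,  # filled in by the browser, not by the page or the user
    }).encode()


def check_client_data(client_data_json: bytes, issued_challenge: bytes) -> tuple:
    """Relying-party checks on clientDataJSON for a login assertion.

    A full verifier also checks the authenticator's signature, which covers
    the hash of this JSON, so a proxy cannot rewrite the origin in transit.
    """
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False, "malformed clientDataJSON"
    if not isinstance(data, dict):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    got = str(data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        return False, "challenge mismatch"
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"
    return True, "ok"


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    # Victim on the real site vs. victim on a look-alike proxy domain (constructed).
    for origin in (EXPECTED_ORIGIN, "https://login.example.com.proxy.invalid"):
        print(origin, check_client_data(sample_client_data(origin, challenge), challenge))
```

A password or OTP carries no such binding to the site it was typed into, which is why the same relay succeeds against those factors.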

Expert Recommendations

In order to protect against threats such as VoidProxy, Okta suggests:

  • implementing phishing-resistant authentication methods like smart cards, FIDO2 WebAuthn (passkeys and security keys), and Okta FastPass.

  • restricting access to sensitive apps to managed devices only.

  • utilizing risk-based access controls and behavioral analytics.

  • educating staff members to recognize phishing scams and dubious emails.

  • using identity threat protection to respond instantly to questionable infrastructure or login attempts.

Even though VoidProxy demonstrates the evolution of phishing tactics, an organization’s exposure to contemporary phishing threats can be considerably decreased by putting in place more robust login protections, astute policies, and a vigilant workforce.
