Double check your Microsoft 365 and Google accounts - this VoidProxy phishing service is hitting them hard
Researchers found a new phishing kit

- VoidProxy is a new phishing-as-a-service platform targeting Microsoft 365 and Google accounts
- Attacks begin from compromised email addresses and use fake login pages hosted on disposable domains
- Phishing kits now include automation, support, and GenAI-enhanced content, making campaigns more convincing and harder to detect
Cybercriminals are using a brand new phishing-as-a-service (PhaaS) platform called VoidProxy to steal people’s Microsoft 365 and Google accounts, including those defended by two layers of protection, according to security researchers at Okta. The researchers, who spotted one of these campaigns recently, described them as sophisticated and evasive.
A PhaaS kit is a ready-made solution that can be bought, or rented, even by non-technical, low-skilled cybercriminals, to launch successful phishing campaigns.
It’s essentially a plug-and-play solution for digital fraud, which includes fake website templates, email and SMS spoofing tools, a data harvesting backend, and various customization options. In some cases, the kits also come with customer support, tutorials, and automation features.
Working around MFA
In this case, the attack starts from a legitimate but compromised email address. This helps the spam message make it past different filters and into people’s inboxes. The emails try to redirect people to fake Microsoft 365 and Google login sites, hosted on low-cost, disposable domains, such as .icu, .sbs, .cfd, .xyz, .top, and .home.
There, victims are asked to log into these services, and those whose accounts are protected by multi-factor authentication (MFA), such as Okta for SSO, are then redirected to a separate phishing page.
The traffic between the victim and the attacker is redirected to the legitimate service, and the codes being sent and received are grabbed in transit. VoidProxy can intercept and copy the session cookie, essentially granting the attackers access even without logging in.
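One defender-side signal for the session cookie theft described above, as an added example that is not from the article or from Okta's research: flag a session whose cookie is later presented from a different network and a different browser than the client that completed sign-in. The event schema, the helper names and the sample log lines are constructed assumptions.

```python
import ipaddress

# Constructed sample events. The schema is an assumption for illustration,
# not any vendor's sign-in log format.
UA_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/140.0"
UA_LINUX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
EVENTS = [
    ("2025-01-01T09:00:00Z", "alice", "s-1001", "sign_in", "198.51.100.24", UA_WIN),
    ("2025-01-01T09:05:00Z", "alice", "s-1001", "access", "198.51.100.77", UA_WIN),
    ("2025-01-01T09:07:00Z", "alice", "s-1001", "access", "203.0.113.9", UA_LINUX),
    ("2025-01-01T10:00:00Z", "bob", "s-2002", "sign_in", "192.0.2.10", UA_WIN),
    ("2025-01-01T10:30:00Z", "bob", "s-2002", "access", "203.0.113.50", UA_WIN),  # roaming, same browser
    ("2025-01-01T11:00:00Z", "carol", "s-3003", "access", "203.0.113.9", UA_LINUX),  # no sign-in seen
]

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its surrounding network so DHCP churn is ignored."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_replayed_sessions(events):
    """Flag sessions whose cookie is later presented from a different network
    AND a different user agent than the client that completed sign-in."""
    origin, findings = {}, {}
    for ts, user, sid, event, ip, ua in sorted(events):  # ISO timestamps sort as text
        fingerprint = (network_of(ip), ua)
        if event == "sign_in":
            origin[sid] = fingerprint
        elif sid in origin and sid not in findings:
            # Sessions with no observed sign-in have no baseline and are skipped.
            net, signin_ua = origin[sid]
            # Require both to change: one alone is common (roaming, browser update).
            if fingerprint[0] != net and ua != signin_ua:
                findings[sid] = {"user": user, "session_id": sid,
                                 "first_seen": ts, "ip": ip}
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

Requiring both the network and the user agent to change keeps the alert volume manageable; treat a hit as a prompt to revoke the session and review the account, not as proof of compromise.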
Phishing attacks have become a lot more dangerous and sophisticated in the last couple of years. Besides being able to steal two-factor authentication codes, the attacks are also benefiting from generative artificial intelligence (GenAI) tools: in the pre-GPT era, phishing emails were marred by spelling and grammar errors, language inconsistencies and overall clunkiness.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.