Gmail users around the world have been hit with a fresh security warning after cybersecurity experts identified a new hack that can circumvent two-factor authentication (2FA) to take over accounts.
The added layer of security typically asks a user to enter an access code sent to their phone or a secondary email in order to log in, and aims to provide an additional obstacle to stop unlawful access and keep our data safe.
However, a new cybercrime tool called Astaroth has found a way to beat this extra step and steals these forms of identification in real-time by tricking victims into thinking they are logging into legitimate platforms by sending them to a spoof page that looks legitimate.
Hackers using Astaroth can then gain access to everything from usernames and passwords through to credit card numbers and bank information, making it a huge fraud risk for unsuspecting users who are caught out. To make matters worse, once in possession of this private data, they could use it to enter your accounts or, in some cases, even sell the information on the dark web, reports MailOnline.
Unlike older phishing tools, the new programme acts as a middle man for hackers and records crucial information: login details such as usernames and passwords, two-factor authentication tokens, and cookies, which keep a record of the websites we've been visiting.
Even more worryingly, if a user does happen to click through to the phony Gmail login screen used by hackers, there are no security warnings in place to indicate that it isn't legitimate, meaning it's all too easy to be caught out.
In fact, the only way to avoid the attack is to avoid clicking on the suspicious link scammers send in order to gain access, making it all the more critical to take extra care about which sites you are visiting and not to click on any unknown links.
As Gmail is the largest email provider in the world, its users carry the highest risk, but other email platforms are equally susceptible, with Outlook, Yahoo Mail and AOL users all potentially at risk from the next-gen phishing tool.
Up until now, phishing scams have remained largely unchanged, with hackers relying on fake login pages to capture usernames and passwords. This meant that 2FA could still keep accounts secure without too much hassle.
However, Astaroth takes this one step further by allowing real-time interception of the verification codes that had previously kept things secure, often without even alerting the user to what is happening.
According to researchers at technology company SlashNext, the tool has become a big hit with hackers, and has been sold on the dark web for £1500 ($2000) a time. Due to the covert nature of these sales, often by anonymous users, it also makes it virtually impossible for police to track down and apprehend hackers that have purchased the tech, or the sellers that have sold it.
So how does Astaroth actually work?
Although it sounds relatively simple at first glance, Astaroth is actually a lot more high tech than previous phishing tools. It is first triggered when users click on a suspicious or spoof link that takes them to a malicious server the hacker is using as a kind of 'reverse proxy'. This special kind of server sits in front of another server, app, or cloud service and forwards all of the victim's web browser requests to it, with the data passing through the malicious entity first.
This means that hackers will see every keystroke, page visited and item clicked on in real time, which will allow them to monitor and capture whatever data they need to successfully hijack the account.
Crucially, the rogue server will completely mimic the target domain’s normal appearance and functions, while continuing to send traffic between the victim and the legitimate site.
In simple terms, Astaroth will put up a fake login screen that looks identical to the real one, and will copy data while also passing it on to the real site. It is because of this latter detail that in many cases it goes completely undetected, as the verification data is still sent to the real website, albeit via the hackers.
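The relay described above leaves one trace the real site can still see: the password and 2FA code arrive from the proxy's address, and the session cookie the kit captures is then used from somewhere else shortly afterwards. The following is an added example (not code from the article, from SlashNext or from Black Duck) of a server-side check over sign-in audit logs that flags exactly that pattern. The log format, the user names, the session ids and the IP addresses are all constructed for illustration.

```python
"""
Added example: flag sessions whose authenticated use comes from a different
address or browser than the one that passed two-factor authentication.

A reverse-proxy phishing kit forwards the victim's login to the real site,
so the site sees 2FA succeed from the proxy's IP. The stolen session cookie
is then replayed from the attacker's own machine, which shows up in the
audit log as a change of IP (and usually of browser) within minutes of the
MFA event. All log lines and values here are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    user: str
    session: str
    ip: str
    user_agent: str
    action: str  # "mfa_ok" = 2FA passed, "request" = authenticated use


def parse_line(line: str) -> Event:
    # Constructed log format: timestamp|user|session|ip|user_agent|action
    ts, user, session, ip, ua, action = line.strip().split("|")
    return Event(datetime.fromisoformat(ts), user, session, ip, ua, action)


def find_replayed_sessions(lines, window=timedelta(hours=1)):
    """Return {session: (ip_that_passed_2fa, ip_that_used_the_session)} for
    every session used from a different IP or browser than the one that
    completed 2FA, within `window` of the 2FA event."""
    events = sorted((parse_line(ln) for ln in lines), key=lambda e: e.ts)
    authenticated = {}   # session -> the Event that passed 2FA
    suspicious = {}
    for e in events:
        if e.action == "mfa_ok":
            authenticated[e.session] = e
        elif e.action == "request" and e.session in authenticated:
            origin = authenticated[e.session]
            moved = e.ip != origin.ip or e.user_agent != origin.user_agent
            if moved and e.ts - origin.ts <= window:
                # Keep the first offending use per session
                suspicious.setdefault(e.session, (origin.ip, e.ip))
    return suspicious


# Constructed sample: alice passes 2FA through a proxy at 203.0.113.10 and her
# session is used ten minutes later from 198.51.100.7 with a different browser;
# bob's login is ordinary, everything from one address and one browser.
SAMPLE_LOG = [
    "2025-03-01T09:00:00|alice|sess-a1|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/122|mfa_ok",
    "2025-03-01T09:00:05|alice|sess-a1|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/122|request",
    "2025-03-01T09:10:00|alice|sess-a1|198.51.100.7|Mozilla/5.0 (X11; Linux x86_64) Firefox/123|request",
    "2025-03-01T09:05:00|bob|sess-b1|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/17|mfa_ok",
    "2025-03-01T09:06:00|bob|sess-b1|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/17|request",
]

if __name__ == "__main__":
    for session, (auth_ip, use_ip) in find_replayed_sessions(SAMPLE_LOG).items():
        print(f"{session}: 2FA passed from {auth_ip}, session then used from {use_ip}")
```

A change of address on its own is a weak signal (mobile networks and VPNs move users between IPs all the time), so in production this would feed a re-authentication prompt or a risk score that also weighs ASN, geography and the time between the two events, rather than locking the account outright.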
So how do I avoid being caught out?
The simplest way to avoid being caught out by the scam is to take extra caution when clicking on links you may be sent.
According to Action Fraud, “Phishing emails encourage you to visit the bogus websites.”
“They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward, or discount.”
However, as Thomas Richards, principal consultant at Black Duck told Infosecurity Magazine: “This phishing kit shows an alarming amount of sophistication. All the usual defences and things to look out for that we train users on are harder to spot with this attack.”