Fishing attacks are everywhere, and most of us can spot clear people. Even if someone falls for one and holds hands on their password, two-factor authentication (2fa) usually adds a significant layer of security. But a new phishing kit 2FA that makes 2FA can completely bypass 2FA using session kidnapping and real -time credential interception.
Known as Astaroth, this device prevents and manipulation between your device and legitimate authentication services like Gmail, Yahoo and Microsoft. Since it catches everything in real time, it completely bypasses 2fa and gives the attackers completely access to your account.
Depiction of a hacker at work (Kurt “Cybergui” Notson)
How Estaroth works
Astaroth is a next level fishing kit that leads the scam to a full new level. Instead of using basic fake login pages such as traditional fishing kits, it acts as a middleman between your device and real authentication service, while to grab everything necessary to break quietly.
The attack begins when you click on the fishing link and live on the ground on a malicious site that looks similar to the real. Since the site has valid SSL certificates, there are no red flags, no safety warning and no sketch pop-up. When you enter your login details, including the user name, password, device information and IP address, Estaroth snatches them before passing the request on the real website.
Two-factor authentication There is no problem for Astaroth. It intercepts the one -time password, the other they are recorded, whether they come from an authentic app, SMS or a push notification. The stolen code is immediately sent to the attacker via a web panel or telegram alert, so they can use them before it is over.
The real kicker is that the Estaroth session also captures cookies, which are small bits of data that users log in after authentication. The attackers can inject these cookies into their own browsers, leaving the need for passwords or two-factor authentication. Once they have a session, they are accompanied by the required additional steps.
An example of what the victims and attackers will see (Kurt “Cybergui” Notson)
Best Antivirus for Mac, PC, iPhone and Android – Cybergui Pix
Astaroth is shocking advanced
As mentioned by the cyber security company SlashnextEstaroth stands out of other fishing kits because in real time due to the ability to prevent credentials, automate attacks and oppose Tekdown efforts. Traditional fishing victims depend on entering their credibility on fake login pages, but Estaroth completely removes that step.
Beyond its advanced abilities, Estaroth comes with characteristics that make it attractive to cyber criminal. It uses bulletproof hosting to stay online despite law enforcement efforts, receives consistent updates to bypass the safety patch and follow a structured payment model. For $ 2,000, buyers get six months of continuous upgradation. To create a trust, the creators allowed the hackers to test the fishing kit before purchasing.
Estaroth is widely available through Telegram and underground cybercrime forums. The oblivion of these platforms makes it difficult to track distribution for officers.
Seller is sharing information about the testing of the fishing kit (slashnext) (Kurt “Cybergui” Notson)
How to protect your data from IRS
Indication you may be infected with Astaroth
1) Unphetual account login or safety alert
- You get alert from Gmail, Microsoft or other services about login from an unknown device or location
- You get 2fa request when you were not trying to log in
2) You are mysteriously out of accounts
- If your session cookies are stolen, an attacker can log in as you and force logs elsewhere
3) Password change or settings updates you did not do
- If an attacker controls, they can change recovery email, phone number or password
4) Slow system performance or odd behavior
- Astaroth uses valid Windows procedures (eg WMIC, Bitsadmin or Regsvr32) to hide itself
- If your system is sluggish or the task manager shows strange procedures using high CPU/network, it can be a clue without any clarification.
5) Browser acting strangely
- Login fields are incorrectly or redirected loops
- Trigger
6) The unfamiliar program or script running in the background
- Check for odd scheduled tasks, registry changes or background network connections (especially if they are outbounds for suspected domains or IPS).
What to do if you doubt the infection
- Immediately disconnect the internet
- Run a full malware scan using the Reliable antivirus software
- Check for unauthorized login On its major accounts and Change all passwords On another reliable device
- Enable passkeys or hardware security keys Where possible
- Reset your device If malware persists; A complete factory reset may be required
- Monitor bank accounts and email inboxes For suspicious activity
4 ways to stay safe from Estaroth Fishing attacks
1) Avoid unknown links and use strong antivirus software: Remember that no matter how advanced the malware is, it still needs an input from you. In most cases, an attacker will need you to click on a link, before they steal your data. For example, to do Astaroth work, you have to click on a link, visit a malicious website and enter your credentials. If you do not click on the link, you should be clean with malware.
The best way to protect yourself from malicious links that installs malware, potentially reaches your personal information, is a strong antivirus software installed on all your devices. This security can also make you alert for email and ransomware scams, keeping your personal information and digital assets safe. Get my pics for the best 2025 antivirus security winners for your Windows, Mac, Android and iOS devices,
2) Double-checked sites: Always verify the addresses of the website and use bookmarks for reliable sites. Instead of clicking on the link in emails or messages, type the URL manually or use a reliable bookmark. This reduces the risk of landing on a fraud page designed to mimic a valid website.
3) Update your equipment: You may be surprised how keeping your devices updated help against malware such as Estaroth. Although it does not directly stop any attack, it ensures that the condition does not worsen. Keep your operating system and app up to date The latest security patch closes weaknesses that can exploit malware, making the attackers difficult to establish a leg on your device.
4) Avoid typing password: Avoid entering passwords whenever possible to reduce the risk of credential theft. Instead, use authentication methods such as passkeys, Google Sign-in or Apple Sign-in.
A Omnipotent There is a feature that uses a cryptographic key pairs to verify your identity, eliminates the requirement of traditional passwords. This allows you to sign in apps and websites using the same process used to unlock your device, such as biometrics, pins or patterns.
Google sign-in There is a feature that allows you to log in to third-party applications or websites using your Google account credentials. This simplifies the sign-in process by eliminating the need to create separate user names and passwords for each service. You can sign in through the “sign in Google” button, if first authorized Google sign-in prompt or automatic sign-in.
Apple sign-in There is a feature that enables you to sign in private to participate in third-party applications and websites using your Apple ID. It provides a sharp, easy and more personal way to certify new accounts or to remember additional passwords. To set an account for “Sign with Apple”, when a participating website or app asks you to set or upgrade an account, do the following: Sign with Apple. Follow onscreen instructions. Some apps (and websites) do not request your name and email address. In this case, you simply certify with face ID or touch ID (based on your model), then start using the app. Other people may ask for your name and email address to set a personal account. When an app asks for this information, signs with Apple displays your name and personal email address from your Apple account is to review for you.
These methods depend on cryptographic keys or safe tokens, making it very difficult for the attackers to disrupt your login information, even if they manage to trick you to go to a malicious site.
FBI warns of dangerous new ‘smoothing’ scam targeting your phone
Kurt’s key to Techway
Estaroth shows how far the fishing kits have arrived, taking things beyond normal tricks and easily ignoring 2fa. It is a reminder that no matter what we think is our systems, there is always a smart attack that is waiting to take advantage of the gap. Cyber โโcriminals are rapidly adapted, and while traditional rescue can no longer cut it, there are still steps that you can take back to fight: Use passwordless login, stay updated and learn about these developed hazards.
What do you think governments and companies should do to protect you from sophisticated cyber threats like Estaroth Fishing Kits, which can bypass traditional safety measures? Write us and tell us Cyberguy.com/Contact.
For my tech tips and security alert, subscribe to my free cybergui report newsletter Cyberguy.com/newsletter,
Ask Kurt a question or tell us which stories you want to cover us,
Follow Kurt on your social channels:
Answers to the most asked cyber questions:
New from Kurt:
Copyright 2025 cyberguy.com. All rights reserved.
