2-factor authentication has become a standard security feature in cybersecurity. This form requires users to verify their identity with a second authentication step, usually an OTP sent via text message, email or authentication application.
This additional layer of security is intended to protect users' accounts even if their passwords are stolen
The use of 2FA is recommended by cybersecurity experts to protect access to users' most sensitive accounts from emails, social media accounts, shopping applications, banks or e-wallets.
This solution, previously considered an invincible barrier to hackers, is being sabotaged by a scam tool called Astaroth. Cybersecurity experts at SlashNext were the first to discover the new tool, which is capable of overcoming two-factor authentication on Google, Microsoft and Yahoo accounts.
To overcome two-factor authentication, hackers send a scam link to users, pointing them to a fake login page that completely imitates the real interface of the target platform. When users enter their login information and secret code, this information will immediately be taken over by cybercriminals and their accounts will be stolen.
What makes Astaroth especially dangerous is its ability to block two-factor authentication in real time. According to SlashNext, the complete product set is sold on Dark Web (the hidden part of the Internet that is not indexed by regular search engines, where transactions often take place anonymously) for 2,000 USD.
To protect themselves from this type of attack, according to cybersecurity experts, as usual, users must be extremely vigilant and avoid clicking on suspicious links from unidentified senders.
Users should also use other, or even safer authentication methods, such as passkey (a security solution that does not require a traditional password), using fingerprints, facial recognition, or authentication codes stored on the device. This can be done with solutions from Apple, Google and Microsoft.
