Subj : Double check your Microsoft 365 and Google accounts - this VoidPr To : All From : TechnologyDaily Date : Mon Sep 15 2025 14:15:09 Double check your Microsoft 365 and Google accounts - this VoidProxy phishing service is hitting them hard Date: Mon, 15 Sep 2025 13:00:00 +0000 Description: Researchers found a new phishing kit capable of working around MFA and stealing session cookies. FULL STORY ======================================================================VoidProx y is a new phishing-as-a-service platform targeting Microsoft 365 and Google accounts Attacks begin from compromised email addresses and use fake login pages hosted on disposable domains Phishing kits now include automation, support, and GenAI-enhanced content, making campaigns more convincing and harder to detect Cybercriminals are using a brand new phishing-as-a-service (PhaaS) platform called VoidProxy to steal peoples Microsoft 365 and Google accounts, including those defended by two layers of protection according to security researchers Okta, who spotted one of these campaigns recently, and described them as sophisticated and evasive. A PhaaS kit is a ready-made solution that can be bought, or rented, even by non-technical, low-skilled cybercriminals, to launch successful phishing campaigns. Its essentially a plug-and-play solution for digital fraud, which includes fake website templates, email and SMS spoofing tools, a data harvesting backend, and various customization options. In some cases, the kits also come with customer support, tutorials, and automation features. Working around MFA In this case, the attack starts from a legitimate but compromised email address. This helps the spam message make it past different filters and into peoples inboxes. The emails try to redirect people to fake Microsoft 365 and Google login sites, hosted on low-cost, disposable domains, such as .icu, ..sbs, .cfd, .xyz, .top, and .home. There, victims are asked to log into these services, and those that have their accounts protected by multi-factor authentication (MFA), such as Okta for SSO, are then redirected to a separate phishing page. The traffic between the victim and the attacker is redirected to the legitimate service, and the codes being sent and received are grabbed in transit. VoidProxy can intercept and copy the session cookie, essentially granting the attackers access even without logging in. Phishing attacks have gotten a lot more dangerous and sophisticated in these last couple of years. Besides being able to steal two-factor authentication codes, the attacks are also benefitting from generative artificial intelligence (GenAI) tools, since in the pre-GPT era, phishing emails were marred with spelling and grammar errors, as well as language inconsistencies and overall clunkiness. Via BleepingComputer You might also like Microsoft warns about a new phishing campaign impersonating Booking.com Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/double-check-your-microsoft-365-and-goo gle-accounts-this-voidproxy-phishing-service-is-hitting-them-hard --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .