Thursday , June 5 2025
Rockstar 2FA

“Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

Cybersecurity researchers are alerting users about phishing email campaigns using a toolkit called “Rockstar 2FA” to steal Microsoft 365 account credentials.

These campaigns use advanced techniques to create fake landing pages resembling real Microsoft 365 login pages. Their main goal is to steal user credentials, targeting Microsoft accounts.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

This campaign stands out because it features car-themed web pages, attracting over 5,000 visits to related domains since May 2024.

Rockstar 2FA is an updated phishing kit that uses a PaaS model, making it easily accessible to cybercriminals.

Rockstar 2FA offers features like 2FA bypass, cookie harvesting, antibot protection, login page themes that look like popular services, undetectable links, and Telegram bot integration.

It offers a modern, user-friendly admin panel that lets customers track their phishing campaigns, generate URLs and attachments, and customize themes for their links.

Trustwave has identified email campaigns that use different methods to gain access, including URLs, QR codes, and document attachments. These messages come from compromised accounts or spamming tools and feature various lures, such as file-sharing notifications and e-signature requests.

“This campaign employs an AiTM attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multifactor authentication (MFA) enabled can still be vulnerable,” Trustwave research said.

Rockstar 2FA phishing campaigns use different email delivery methods, like compromised accounts and legitimate services. Because they come from trusted sources, they are less likely to be flagged by traditional filters, making them more effective.

The attacks have impacted users in different sectors and regions, using various phishing themes, such as:

Password/account-related alerts
Voicemail notifications
HR and payroll-related messages
MFA lures
IT department notifications
Document and file-sharing notifications
E-signature platform-themed messages

Threat actors bypass antispam detection using obfuscation methods, FUD links, and QR codes. They also employ Cloudflare Turnstile on their phishing landing pages to block automated analysis.

Researchers found significant domains hosting decoy content on the AiTM server, which show a decoy page when accessed.

Commodity phishing attacks, like those targeting Rockstar 2FA, are common because they are cheap and easy to execute.

AiTM techniques can bypass added security measures such as multifactor authentication (MFA), increasing the risk of account takeovers and business email compromise (BEC) attacks.

Cybersecurity experts warn that ongoing Rockstar-led phishing activities may lead to continuous updates or the creation of more advanced phishing tools, posing ongoing challenges for digital security.

Check Also

Qualcomm

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting …

Leave a Reply

Your email address will not be published. Required fields are marked *