Starkiller Phishing Suite Exploits AitM Reverse Proxy to Bypass MFA Security
Cybercrime Platform Starkiller Employs AitM Reverse Proxy to Evade Multi-Factor Authentication
A newly uncovered phishing suite, dubbed Starkiller, has been found to leverage an adversary-in-the-middle (AitM) reverse proxy to bypass multi-factor authentication (MFA) protections.
Phishing Suite Capabilities
This cybercrime platform, offered by a threat group known as Jinkusu, provides customers with a dashboard that enables them to select a brand to impersonate or enter a legitimate URL.
Users can also choose custom keywords and use URL shorteners such as TinyURL to obscure the destination URL.
Reverse Proxy Technique
The AitM reverse proxy technique employed by Starkiller allows it to forward user inputs to the legitimate site and return the site’s responses, effectively capturing all keystrokes, form submissions, and session tokens.
Because the victim is interacting with the real site through the proxy, the phishing page always reflects the current login flow, and attackers no longer need to periodically update static page templates.
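Because the proxy relays the real login, the MFA step itself succeeds, so detection has to look at what happens to the session afterwards. The following added example (not code from the article or from any of the kits it describes) parses a constructed authentication log and flags sessions whose post-MFA requests arrive from a different client IP or user agent than the one that completed MFA, the pattern left behind when a captured session token is replayed from elsewhere; the log format and all values are assumptions.

```python
# Added example: flag sessions whose post-MFA traffic comes from a different
# client IP or user agent than the one that completed MFA. A stolen session
# token replayed from the attacker's own tooling leaves exactly this trace.
# The log format below is constructed for this example.
import re
from collections import defaultdict

# Constructed sample log: <ts> <session_id> <client_ip> "<user_agent>" <event>
SAMPLE_LOG = """\
100 s1 203.0.113.10 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" mfa_ok
105 s1 203.0.113.10 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" get /mail
130 s1 198.51.100.7 "python-requests/2.31" get /mail
200 s2 192.0.2.5 "Mozilla/5.0 (Macintosh) Safari/17" mfa_ok
210 s2 192.0.2.5 "Mozilla/5.0 (Macintosh) Safari/17" get /mail
"""

LINE_RE = re.compile(r'^(\d+) (\S+) (\S+) "([^"]*)" (.+)$')


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts, sid, ip, ua, event = m.groups()
        events.append({"ts": int(ts), "sid": sid, "ip": ip, "ua": ua, "event": event})
    return events


def find_replayed_sessions(events):
    """Return {session_id: [reasons]} for sessions used, after MFA completed,
    from a different IP or user agent than the one that completed MFA."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_session[e["sid"]].append(e)
    findings = {}
    for sid, evs in by_session.items():
        auth = next((e for e in evs if e["event"] == "mfa_ok"), None)
        if auth is None:
            continue  # no MFA event recorded; nothing to compare against
        reasons = []
        for e in evs:
            if e["ts"] <= auth["ts"]:
                continue
            if e["ip"] != auth["ip"]:
                reasons.append(f"ip changed {auth['ip']} -> {e['ip']} at {e['ts']}")
            if e["ua"] != auth["ua"]:
                reasons.append(f"user agent changed at {e['ts']}")
        if reasons:
            findings[sid] = reasons
    return findings
```

A session that is only ever driven through the proxy will not trip this check, since the legitimate site sees the proxy's address for both login and later requests; it catches the common case where the captured token is reused from the attacker's own client.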
Impact and Concerns
This development comes as another phishing kit, 1Phish, has evolved to target 1Password users with a multi-stage phishing campaign.
The increasing sophistication of phishing campaigns, such as those using the OAuth 2.0 device authorization grant flow to bypass MFA and compromise Microsoft 365 accounts, highlights the growing threat of phishing-as-a-service platforms like Starkiller and 1Phish.
These platforms are lowering the skill barrier required to carry out large-scale phishing attacks, making them a significant concern for businesses and individuals alike.
Recent Phishing Campaigns
In recent months, phishing campaigns have targeted financial institutions, including U.S.-based banks and credit unions, to harvest credentials.
These campaigns have employed evasion techniques such as referrer validation, cookie-based access controls, and code obfuscation to avoid detection.
Conclusion
The use of AitM reverse proxies and other advanced techniques in phishing campaigns underscores the need for organizations to remain vigilant and implement robust security measures to protect against these types of attacks.
