World

Hackers can now break two-factor authentication security measure

To protect against such attacks, cybersecurity experts advise remaining cautious when clicking on links from unfamiliar sources, particularly in emails or messages from unknown senders.

Updated 1 year ago · Published on 21 Feb 2025 9:40AM

Hackers can now break two-factor authentication security measure
Attackers initiate the breach by sending a fraudulent link to their target – February 21, 2025

HACKERS have developed a new phishing tool capable of bypassing two-factor authentication (2FA), a security measure previously regarded as one of the most effective safeguards for online accounts.

This tool, known as Astaroth, targets popular platforms like Google, Microsoft, and Yahoo by exploiting vulnerabilities in 2FA systems, AFP Relaxnews reported today.

The two-factor authentication is designed to enhance security by requiring users to provide not only a password but also an additional code, typically sent via SMS or email.

This added layer was long considered a strong defense against unauthorized access. However, Astaroth, a sophisticated phishing kit named after the Great Duke of Hell, is proving to be a formidable threat to this security measure.

SlashNext, a cybersecurity firm, was the first to detect this tool, which allows hackers to intercept 2FA codes in real time.

The attackers initiate the breach by sending a fraudulent link to their target, leading them to a fake login page that mimics the legitimate interface of a trusted platform.

Once the victim enters their login credentials and 2FA code, the hackers capture and misuse this sensitive information instantly.

What sets Astaroth apart from other phishing tools is its ability to bypass not just the password but the second layer of security — the 2FA code itself. According to SlashNext, the complete phishing kit is available for purchase on the Dark Web for approximately US$2,000 (RM8,855).

To protect against such attacks, cybersecurity experts advise remaining cautious when clicking on links from unfamiliar sources, particularly in emails or messages from unknown senders.

Additionally, using alternative authentication methods such as passkeys, which rely on biometrics (like fingerprints or facial recognition) or device-stored codes, offers an added layer of protection. These more secure methods are supported by major tech companies, including Apple, Google, and Microsoft. –  February 21, 2025

Spotlight

Malaysia

Anwar congratulates BN on Johor victory, assures federal government support

Malaysia

Johor PRN: BN officially forms state government, wins 29 seats

Malaysia

Malaysia-Thailand open historic border crossing to deepen trade, regional integration

By Ian McIntyre

Malaysia

Gerak Khas drama actress, Tisha Samsir denies drug involvement

Malaysia

Student stabbing: Teenage girl sent to Hospital Bahagia for psychiatric evaluation

Malaysia

Anwar wishes Tun M a happy 101st birthday

World

Israel shares intelligence with US over alleged Iranian plot to assassinate Trump

You may be interested

World

Israel shares intelligence with US over alleged Iranian plot to assassinate Trump

World

Trump threatens 'complete destruction' if Iran attempts assassination

World

Fresh US-Iran strikes deepen Middle East crisis as ceasefire crumbles

World

Iran Foreign Minister to hold Oman talks on Strait of Hormuz security

World

Venezuela earthquake death toll climbs to 4,118 as relief efforts intensify

World

Sri Lanka moves to ease prison overcrowding after deadly Negombo riot kills 28

World

Trump: US and Iran to continue talks as Hormuz tensions overshadow fragile diplomacy

World

AI set to reshape nearly 80 million jobs across Southeast Asia without mass layoffs