Starkiller Phishing Kit Bypasses MFA via Proxy-Based Attacks

Timeline

1. 19.02.2026 14:00 1 articles · 10h ago

   Starkiller Phishing Kit Bypasses MFA via Proxy-Based Attacks

   A new phishing kit called Starkiller has emerged, allowing attackers to bypass multi-factor authentication (MFA) by proxying legitimate login pages. The kit is distributed as a subscription-based service on the dark web, offering real-time session monitoring and keylogging capabilities. It mimics login pages of major services like Google, Microsoft, and banks, routing traffic through attacker-controlled infrastructure to steal credentials and authentication tokens. Starkiller uses a headless Chrome instance to serve genuine page content, making it difficult for security vendors to detect or block. The toolkit is sold with updates and customer support, posing a significant escalation in phishing infrastructure.

   Show sources

   • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

   Open in new tab

Information Snippets

• Starkiller is a commercial-grade phishing kit distributed as a SaaS product on the dark web with a subscription model.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• The kit proxies legitimate login pages through attacker-controlled infrastructure, serving genuine content to bypass detection.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• Starkiller can mimic login pages of major services like Google, Microsoft, Facebook, Apple, Amazon, Netflix, PayPal, and various banks.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• The kit includes real-time session monitoring and keylogging capabilities to capture victim interactions.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• Starkiller bypasses MFA by forwarding one-time codes and authentication tokens to the legitimate service in real time.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• The toolkit is distributed via phishing emails imitating alerts from major services like Google and Microsoft.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• Starkiller is sold with ongoing updates and helpdesk support via Telegram.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00

• Organizations are advised to monitor for anomalous login patterns or session token reuse from unexpected locations to defend against Starkiller attacks.

  First reported: 19.02.2026 14:00
  1 source, 1 article
  Show sources

  • Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA — www.infosecurity-magazine.com — 19.02.2026 14:00