Rockstar 2FA Exploit Kit Poses Growing Threat to Google and Microsoft Users

Hackers are leveraging phishing-as-a-service tools to bypass two-factor authentication, targeting major platforms like Microsoft 365 and Google Docs.

The Rockstar 2FA phishing kit uses attacker-in-the-middle tactics to bypass two-factor authentication by stealing session cookies.
Microsoft accounts are a primary target, with phishing pages mimicking Microsoft 365 login screens, though Google users are also at risk.
The exploit kit, an evolution of the DadSec phishing tool, is linked to the Storm-1575 threat actor, known for high-profile campaigns in 2023.
Hackers are abusing trusted platforms like Microsoft OneDrive, OneNote, and Google Docs to evade detection and redirect users to malicious landing pages.
Advanced features of the kit include fully undetectable links, antibot protection, and QR code-based phishing, making it widely accessible to cybercriminals.