New phishing attack uses real-time interception to bypass 2FA

Phishing attacks are everywhere, and most of us can spot the obvious ones. Even if someone falls for one and hands over their password, two-factor authentication (2FA) usually adds a crucial layer of protection. But a new phishing kit making the rounds can bypass 2FA entirely by using session hijacking and real-time credential interception.

Known as Astaroth, this tool intercepts and manipulates traffic between your device and legitimate authentication services like Gmail, Yahoo and Microsoft.