• Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. • But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the victim and the legitimate site - forwarding the victim’s username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses. • There are countless phishing kits that would-be scammers can use to get started, but successfully wielding them requires some modicum of skill in configuring servers, domain names, certificates, proxy services, and other repetitive tech drudgery. • Enter Starkiller, a new phishing service that dynamically loads a live copy of the real login page and records everything the user types, proxying the data from the legitimate site back to the victim. • According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et. • al.) and generates a deceptive URL that visually mimics the legitimate domain while routing traffic through the attacker’s infrastructure.

Article Summaries:

  • A new phishing‑as‑a‑service platform, dubbed “Starkiller,” lets attackers bypass typical anti‑phishing defenses by proxying real login pages. The service generates deceptive URLs that appear legitimate, then spins up a Docker container running headless Chrome to load the target brand’s authentic login page. All user input-including usernames, passwords and MFA codes-is relayed through the attacker’s infrastructure, logged, and forwarded to the legitimate site. This enables real‑time session monitoring, keylogging, cookie theft, geo‑tracking and automated alerts, effectively neutralizing MFA protections. Security researchers from Abnormal AI highlighted Starkiller’s analytics dashboard and campaign metrics, underscoring its sophisticated, SaaS‑like operator experience.

Sources: