Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
https://www.infosecurity-magazine.com/news/starkiller-phishing-kit-bypasses/
Publish Date: 2026-02-19 07:00:00
Source Domain: www.infosecurity-magazine.com
A newly uncovered phishing kit allows cybercriminals to steal usernames and passwords with a toolkit which spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts have warned.
Dubbed Starkiller, the phishing platform has been detailed by researchers at Abnormal, who have described it as “a commercial-grade cybercrime platform” and “a comprehensive toolkit for stealing identities at scale”.
The tool is distributed on the dark web like a software-as-a-service (SaaS) product, complete with a subscription model, updates and customer support.
Researchers noted that while the Starkiller name is shared with a legitimate red team penetration testing tool by BC Security, the two platforms are not related.
What makes Starkiller notable is how it differs from many other phishing kits.
Most rely on static HTML clones of the login page the attackers want to replicate. With Starkiller, however, the phishing site is served through a proxy running on attacker-controlled infrastructure, and the result is indistinguishable from the real login portal being used as a template.
“Recipients are served genuine page content directly through the attacker’s infrastructure, ensuring the phishing page is never out of date. And because Starkiller proxies the real site live, there are no template files for security vendors to fingerprint or blocklist,” Abnormal researchers explained.
The proxy is launched in a headless Chrome instance and gives the user little to no reason for suspicion. However, the infrastructure means that the credentials entered are sent directly to the attackers.
The Starkiller kit provides attackers with the ability to mimic Google, Microsoft, Facebook, Apple, Amazon, Netflix, PayPal, various banks and many more online services. The tool generates a deceptive URL that visually mimics the legitimate domain while routing traffic through the attacker’s infrastructure.
Starkiller also offers cybercriminals real-time…