This is another variant of the document-sharing theme exploited by the Rockstar 2FA attackers.“A Google Docs Viewer link in the email is used to render a malicious PDF file hosted on an external site,” the researchers said, “phishers have started abusing this feature that allows users to embed PDF and PowerPoint files in a webpage.
The Trustwave SpiderLabs researchers also warned that the threat actors are known to have employed the abuse of QR codes, something I unapologetically refuse to call quishing, to embed the landing site URL in the code itself.“This method often bypasses traditional detection systems that focus on visible links,” the researchers said.
With subscription rates for Rockstar 2FA starting at $200 for a two weeks of access, and one-off as well as monthly subscriptions also available, the exploit kit is fully packed: beyond the two-factor authentication bypass functionality, Rockstar 2FA also offers criminal hackers antibot protection, multiple login page themes, randomized source codes and attachments, fully undetectable links, telegram bot integration and a user-friendly admin panel, the researchers said.
The story "Google And Microsoft Users Warned—Rockstar 2FA Bypass Attacks Incoming" has 30 words across 41 sentences, which will take approximately 1 minutes for the average person to read.
Which news outlet covered this story?
The story "Google And Microsoft Users Warned—Rockstar 2FA Bypass Attacks Incoming" was covered 19 hours ago by Forbes, a news publisher based in United States.
How trustworthy is 'Forbes' news outlet?
Forbes is a fully independent (privately-owned) news outlet established in 1917 that covers mostly startups and technology news.
The outlet is headquartered in United States and publishes an average of 16 news stories per day.
It's most recent story was published 13 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
