How Hackers Bypass Multi-Factor Security in Two Clicks using Rockstar 2FA

Cybersecurity researchers are warning of new phishing attacks using a Phishing-as-a-Service (PhaaS) tool called Rockstar 2FA. The aim of these attacks is to steal Microsoft 365 user credentials, including session cookies.

In a recent report from Trustwave, researchers noted that the operation uses an adversary-in-the-middle (AiTM) technique to intercept credentials and session cookies even from users with multi-factor authentication (MFA) enabled.

Rockstar 2FA is considered an updated version of the DadSec (also known as Phoenix) tool. Microsoft tracks the developers and distributors of this platform under the code name Storm-1575. The tool is sold as a subscription: $200 for two weeks or $350 for a month, giving cybercriminals without advanced technical skills the ability to carry out large-scale attacks.

Rockstar 2FA's key features include two-factor authentication bypass, cookie collection, anti-bot protection, login page themes that mimic popular services, and integration with Telegram bots. The platform also offers a convenient admin panel for managing malicious campaigns and personalizing links.

Cybercriminals use a variety of initial access methods, including URLs, QR codes, and document attachments. Often, these messages are sent from already compromised accounts or via spam tools. Legitimate URL shortening services, redirects, and protection via Cloudflare Turnstile are used to bypass anti-spam filters.

Trustwave notes that attackers are placing phishing links on trusted platforms such as Google Docs Viewer, Atlassian Confluence and Microsoft OneDrive. This increases the effectiveness of attacks because users are less likely to question the legitimacy of such links.

The data entered by victims on the fake pages is instantly sent to the attackers' server. The stolen credentials are then used to obtain session cookies, allowing full access to the account, bypassing multi-factor authentication.

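
One defensive heuristic for the session-cookie replay described above, as an added example that is not from the Trustwave report or the original article: flag any session identifier that later appears from a different client than the one that first presented it. The event fields and sample records are constructed for illustration and do not follow a specific vendor's log schema.

```python
# Constructed sample sign-in/activity events. Field names are hypothetical
# and do not follow any specific vendor's log schema.
EVENTS = [
    {"ts": "2024-11-28T09:00:05", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.10", "ua": "Edge/131 Windows"},
    {"ts": "2024-11-28T09:04:30", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.77", "ua": "Chrome/130 Linux"},
    {"ts": "2024-11-28T10:00:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "192.0.2.20", "ua": "Safari/17 iOS"},
    {"ts": "2024-11-28T10:20:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "192.0.2.45", "ua": "Safari/17 iOS"},
    {"ts": "2024-11-28T11:00:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "198.51.100.99", "ua": "Firefox/132 macOS"},
    {"ts": "2024-11-28T11:30:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "198.51.100.99", "ua": "Firefox/132 macOS"},
]


def find_replayed_sessions(events):
    """Flag sessions later used from a client that differs from the one that
    first presented the session. An IP change alone is rated "low" (roaming,
    VPN); an IP and user-agent change together is rated "high"."""
    first_seen = {}   # (user, session) -> first event seen for that session
    alerts = {}       # (user, session) -> alert, at most one per session
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO 8601 sorts as text
        key = (ev["user"], ev["session"])
        origin = first_seen.setdefault(key, ev)
        if ev["ip"] == origin["ip"]:
            continue  # same network origin as the first use: nothing to flag
        severity = "high" if ev["ua"] != origin["ua"] else "low"
        prev = alerts.get(key)
        # Keep the first alert per session, but let a later "high" replace a "low".
        if prev is None or (severity == "high" and prev["severity"] == "low"):
            alerts[key] = {"user": ev["user"], "session": ev["session"],
                           "first_ip": origin["ip"], "new_ip": ev["ip"],
                           "seen_at": ev["ts"], "severity": severity}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

Comparing network owner or location instead of the raw IP address is a common way to reduce noise from roaming clients.
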
The rise of cybercrime as a service demonstrates how the availability and ease of use of malicious tools can pose a serious threat even in the hands of inexperienced hackers. To avoid such threats, users must remain vigilant when working with any online resources, even those that inspire trust.
