New "Starkiller" Phishing Kit Uses Real Websites to Steal Logins
TL;DR
A new 'Starkiller' phishing kit uses real-time website proxies to mimic legitimate login pages, making scams harder to detect. It's now available as a commercial service, increasing accessibility for scammers.
Tags
Security researchers have uncovered a new Phishing-as-a-Service (PhaaS) called "Starkiller" that is significantly harder to detect than traditional scams. Unlike old phishing pages that use fake templates, this tool uses a "live proxy" to show you the actual login pages of Google, Microsoft, and Apple in real-time.
Edit: As some of you pointed out, i’m realizing that the "live proxy" method itself isn't a brand-new invention. What seems to be the "new" part (and what i think the article is highlighting) is the commercialization and accessibility. It’s gone from a specialized tool for high-level hackers to a "Phishing-as-a-Service" (PhaaS) kit that anyone can buy and run. Essentially, the tech stayed the same, but it's now been mass-produced for the "average" scammer.
[link] [comments]