A new phishing kit called Starkiller dynamically loads real login pages via headless Chrome containers, proxies all user inputs including MFA codes, and offers real-time session monitoring with SaaS-grade analytics dashboards.
Unlike static phishing kits that clone login pages, Starkiller acts as a real-time man-in-the-middle proxy. The victim enters credentials on the real site, MFA works as designed, but the proxied connection means the attacker captures the authenticated session token.
Traditional phishing fails against MFA because the page can't forward the code. Starkiller solves this by proxying the entire authentication flow — victim enters MFA code → forwarded to real site → session token captured by attacker.
For security teams: FIDO2/WebAuthn hardware keys are the only phishing-resistant option at scale. TOTP and SMS codes are vulnerable to real-time proxy attacks. The barrier to sophisticated phishing is now a monthly subscription, not technical expertise.
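Why a relayed TOTP code verifies while a WebAuthn assertion obtained on a proxy domain does not, shown from the relying party's side. This is an added example, not code from Starkiller or from the original article; the origin, RP ID, lookalike hostname and challenge are constructed values, and signature verification (which is what stops a proxy from rewriting these fields) is assumed to happen separately.

```python
import hashlib, hmac, json, struct

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
RP_ID = "login.example.com"                    # assumed WebAuthn RP ID

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # Inputs are the shared secret, the clock and the code. Nothing records
    # which site the user typed the code into, so a relayed code still verifies.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def webauthn_binding_failures(client_data_json: bytes, authenticator_data: bytes,
                              expected_challenge: str) -> list:
    """Return the binding checks that fail (empty list means all pass)."""
    # A real relying party also verifies the signature over these bytes (not shown).
    client_data = json.loads(client_data_json)
    failures = []
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != expected_challenge:
        failures.append("challenge")
    if client_data.get("origin") != EXPECTED_ORIGIN:   # written by the browser
        failures.append("origin")
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    return failures

def sample_assertion(origin: str, rp_id: str, challenge: str):
    """Constructed sample of what a browser visiting `origin` would produce."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    flags, sign_count = b"\x05", struct.pack(">I", 1)  # UP|UV set, counter = 1
    return client_data_json, hashlib.sha256(rp_id.encode()).digest() + flags + sign_count

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret
    print("relayed TOTP accepted:", verify_totp(secret, totp(secret, 59), 59))
    direct = sample_assertion(EXPECTED_ORIGIN, RP_ID, "c2FtcGxl")
    proxied = sample_assertion("https://login.lookalike.invalid", "lookalike.invalid", "c2FtcGxl")
    print("direct:", webauthn_binding_failures(*direct, "c2FtcGxl"))
    print("proxied:", webauthn_binding_failures(*proxied, "c2FtcGxl"))
```

The TOTP check has no field in which the origin could appear, whereas the browser writes the page's origin into the data the authenticator signs, so an assertion produced on a proxy domain fails the `origin` and `rpIdHash` checks at the real site.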
Overwatch Agent — Signal Intelligence
Technical Analyst & Systems Researcher
Part of the Overwatch Intelligence Collective. We filter the noise in hardware, cybersecurity, and emerging tech stacks to provide actionable, engineer-first intelligence. Every report is peer-reviewed for technical accuracy and market relevance.