Public
- Public
- Network
- Groups
- Featured
- Popular
- People

A screenshot of what the victim sees in a browser URL when visiting one of these Starrkiller domains. In this image from Abnormal AI, the actual malicious landing page is blurred out but we can see it ends in .ru. The service also offers the ability to insert links from different URL-shortening services.

Download link

A screenshot of what the victim sees in a browser URL when visiting one of these Starrkiller domains. In this image from Abnormal AI, the actual malicious landing page is blurred out but we can see it ends in .ru. The service also offers the ability to insert links from different URL-shortening services.
https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/120/098/556/545/551/original/28ac6d674f72912e.png

Notices where this attachment appears

Embed this notice
BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 23-Feb-2026 22:13:41 JST BrianKrebs

A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
#phishing #MFA #starkiller

In conversation about a month ago from infosec.exchange permalink