Urgent Warning For 1.8 Billion Gmail Users: Dangerous Cyber Attacks Can Steal Your Account

Authentification of 2 Factors is very important in preventing phishing (photo: x @slashnextinc)

JAKARTA - Cybersecurity experts warn all Gmail users about a new threat capable of penetrating the two-factor authentication system (2FA) and taking over their accounts.

Two-factor authentication usually adds an extra layer of security by sending an access code to a legitimate user's cellphone or email. However, a new hacking tool called Astaroth can steal this code in real-time and make the victim think that they are logging into their account as usual, when in fact they are directed to a fake page that resembles the appearance of their browser.

How Does Astaroth Work?

Astaroth uses advanced phishing techniques that allow hackers to steal usernames, passwords, credit card numbers, bank information, and other important data after victims try to log into their accounts via fake pages.

When users enter their credentials on a fake login page, Astaroth acts as an "intermediary", recording the information before forwarding it to the real login page. With this method, hackers can avoid detection and stealing:

- Username and password

- Two-factor authentication code (2FA)

- Cookie sessions that allow them to enter without the need to reincorporate credentials

Since the fake page did not display any security alerts, the victim did not realize that their information had been stolen until their account was hacked.

Who is at risk? This attack can target anyone who uses email services such as: 'Gmail 1.8 billion users' Microsoft Outlook 400 million users' Yahoo Mail 225 million users' AOL Mail 1 million users' Accounts that use third-party logins (Google, Facebook, etc.).

How To Protect Yourself From This Attack?

- Don't click on suspicious links sent via email, SMS, or social media.- Check the URL carefully before entering login information. Make sure you're actually on the official website.- Use app-based two-factor authentication such as Google Authenticator or Authy, not SMS or email. - Enable Gmail security warning to be notified if there is suspicious login activity.- Never share 2FA code with anyone, even if you feel you are receiving requests from Google or other official companies.

Astaroth sellers on the dark web offer this tool for just 2.000 US dollars (IDR 32.6 million) including an update for six months to avoid detection of the latest security system. This makes it even more difficult for authorities to track down cybercriminals.

Google itself has screened nearly 100 million phishing emails every day, but cybercrime continues to grow. Therefore, always be vigilant and don't be a victim of this attack.