By Sead Fadilpašić

Copyright techradar

Skip to main content

Tech Radar Pro

Tech Radar Gaming

Close main menu

the business technology experts

België (Nederlands)

Deutschland

North America

US (English)

Australasia

New Zealand

View Profile

Search TechRadar

Expert Insights

Website builders

Web hosting

Best web hosting
Best office chairs
Best website builder
Best antivirus
Expert Insights

Don’t miss these

Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

Experts warn this top GenAI tool is being used to build phishing websites

Phishing emails are getting smarter – and using some new tricks to snare victims

Hackers are also going back to school – major campaign hijacks Google Classroom to hit targets

Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

Your employee logins are more valuable to criminals than ever – here’s how to keep them protected

Hook, line and sinker: how to detect and protect your business from phishing attacks

Hackers can bypass FIDO MFA keys, putting your accounts at risk – here’s what we know

Hackers are abusing hotel booking notifications to steal credentials in a new phishing campaign

Massive leak of over 115 million US payment cards caused by Chinese “smishing” hackers – find out if you’re affected

Democratized cybercrime: a new lower bar for hackers and higher stakes for security

AI-powered phishing attacks are on the rise and getting smarter – here’s how to stay safe

Malicious URLs and phishing scams remain a constant threat for businesses – here’s what can be done

Top AI website builder Lovable hit in worrying cyberattack – here’s what we know

Double check your Microsoft 365 and Google accounts – this VoidProxy phishing service is hitting them hard

Sead Fadilpašić

15 September 2025

Researchers found a new phishing kit

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Getty Images)

VoidProxy is a new phishing-as-a-service platform targeting Microsoft 365 and Google accounts
Attacks begin from compromised email addresses and use fake login pages hosted on disposable domains
Phishing kits now include automation, support, and GenAI-enhanced content, making campaigns more convincing and harder to detect

Cybercriminals are using a brand new phishing-as-a-service (PhaaS) platform called VoidProxy to steal people’s Microsoft 365 and Google accounts, including those defended by two layers of protection according to security researchers Okta, who spotted one of these campaigns recently, and described them as sophisticated and evasive.

A PhaaS kit is a ready-made solution that can be bought, or rented, even by non-technical, low-skilled cybercriminals, to launch successful phishing campaigns.
It’s essentially a plug-and-play solution for digital fraud, which includes fake website templates, email and SMS spoofing tools, a data harvesting backend, and various customization options. In some cases, the kits also come with customer support, tutorials, and automation features.

You may like

Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

Experts warn this top GenAI tool is being used to build phishing websites

Working around MFA
In this case, the attack starts from a legitimate but compromised email address. This helps the spam message make it past different filters and into people’s inboxes. The emails try to redirect people to fake Microsoft 365 and Google login sites, hosted on low-cost, disposable domains, such as .icu, .sbs, .cfd, .xyz, .top, and .home.

There, victims are asked to log into these services, and those that have their accounts protected by multi-factor authentication (MFA), such as Okta for SSO, are then redirected to a separate phishing page.
The traffic between the victim and the attacker is redirected to the legitimate service, and the codes being sent and received are grabbed in transit. VoidProxy can intercept and copy the session cookie, essentially granting the attackers access even without logging in.
Phishing attacks have gotten a lot more dangerous and sophisticated in these last couple of years. Besides being able to steal two-factor authentication codes, the attacks are also benefitting from generative artificial intelligence (GenAI) tools, since in the pre-GPT era, phishing emails were marred with spelling and grammar errors, as well as language inconsistencies and overall clunkiness.

Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Via BleepingComputer
You might also like

Microsoft warns about a new phishing campaign impersonating Booking.com
Take a look at our guide to the best authenticator app
We’ve rounded up the best password managers

Sead Fadilpašić

Social Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

Experts warn this top GenAI tool is being used to build phishing websites

Phishing emails are getting smarter – and using some new tricks to snare victims

Hackers are also going back to school – major campaign hijacks Google Classroom to hit targets

Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity

Latest in Security

US solar highway infrastructure may contain hidden malicious tech, officials warn

US Senator says Microsoft should be probed for ‘gross cybersecurity negligence’ after hospital ransomware attacks

Apple issues customer warning after four spyware campaigns discovered targeting devices

M&S chief digital and technology officer steps down in wake of damaging cyberattack

Keep an eye on your Meta Business account, these fake extensions could steal your credentials

Vietnam creditors hit by cyberattack – sensitive data at risk

Latest in News

It’s about time – Spotify is finally upgrading its free tier with these Premium-style features

Forget the iPhone 17 – these are the next 10 Apple products rumored to be coming soon

Amid a tidal wave of performance complaints on PC, the first Borderlands 4 patch has arrived to address stability – but no one knows what it does

iOS 26 lands today – here’s exactly when it’s coming to your iPhone, and which models are compatible

UK and US to sign massive tech trade deals worth billions during Trump and Big Tech tour

Cloud Hypervisor says no to AI code – but it probably won’t help in this day and age

LATEST ARTICLES

8 Cool AI tools you haven’t heard of, but should definitely try

Using La Pavoni’s Europiccola lever espresso machine is a labor of love, but the steep learning curve made me a better at-home barista

I murdered my way up a vertical city and snooped through environments in search of shiny quartz crystals in Styx: Blades of Greed, and I can’t wait to get my sneak on again

NYT Connections hints and answers for Tuesday, September 16 (game #828)

Quordle hints and answers for Tuesday, September 16 (game #1331)

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Contact Future’s experts

Terms and conditions

Privacy policy

Cookies policy

Advertise with us

Web notifications

Accessibility Statement

Future US, Inc. Full 7th Floor, 130 West 42nd Street,

Please login or signup to comment

Please wait…