Cybersecurity researchers say there's a wave of shady phishing emails that use a tool called Rockstar 2FA to grab Microsoft 365 login info. It's a tool that bad guys use, and it's actually pretty clever because it can get around that extra security step where you have to type in a code from your phone.
These two researchers, Diana and John, said the attacker basically ends up pretending to be you on the internet, so even if you have two-step login turned on, you can still get hacked. Rockstar 2FA is actually a new version of something called DadSec, but it's got a cooler name, right?
So, these cyber baddies are basically renting this tool for $200 for two weeks or $350 for a whole month. It's like a subscription service for cheating, but instead of homework, it's for stealing your stuff. It's easy to use, even if you don't know much about computers, and you can spam a lot of people at once.
It's got some sneaky features too: it can skip the two-step login check, grab your session cookies, and dodge automated security scanners. It even has a fancy control panel where the bad guys can keep an eye on their sneaky work.
They've seen these emails using all sorts of sneaky ways to get you to click on them, like pretending to be about files you need to check out or signing something important. And the pages they send you to look just like the real deal, except they're totally fake.
They're using big company names like Google and Atlassian to make you feel safe, but it's all a lie. Separately, there's another scam going around: fake betting games on social media that are just trying to take your money and info. They make it look like a real game where you could win, but really, it's just a trap to steal your stuff.
Some people have lost over $10,000 because of these apps! So, be super careful what you click on and always check if something seems fishy. And remember, if it's too good to be true, it probably is.