VoidProxy Phishing Service Hits Microsoft 365 and Google

VoidProxy phishing service is targeting Microsoft 365 and Google accounts with advanced techniques. Security researchers warn that the service enables large-scale credential theft and account takeovers. The attacks highlight growing threats from adversary-in-the-middle tactics.

How the Attacks Work

Attackers launch phishing campaigns using compromised marketing platforms and third-party email tools. Victims receive links that redirect through disposable domains protected by Cloudflare.

When users click, they see fake login pages that copy Microsoft and Google sign-in screens. In setups with SSO providers like Okta, VoidProxy replicates the process, steals input, and proxies requests.

The phishing service captures usernames, passwords, session cookies, and multi-factor authentication codes. This gives attackers full access to targeted accounts.

Why VoidProxy Is Dangerous

VoidProxy phishing service bypasses common security measures. By intercepting MFA codes and session cookies, it compromises even well-secured accounts.

The service hides its activity with disposable domains, short links, and Cloudflare worker environments. Attackers can scale operations quickly and evade detection.

Who Is at Risk

Enterprises relying on standard SSO and basic MFA face the greatest risk. High-value users with admin rights remain prime targets.

Phishing-resistant methods such as Okta FastPass reduce exposure, but many organizations still depend on weaker authentication systems.

How to Defend Against VoidProxy

Experts recommend several defensive steps:

• Restrict applications to managed devices.
• Use risk-based access policies for sensitive accounts.
• Enable IP or session binding for admin access.
• Require re-authentication before admin actions.
• Audit tokens and sessions for unusual activity.

Conclusion

VoidProxy phishing service demonstrates how attackers continue to evolve phishing techniques. By stealing MFA codes and session data, it exposes Microsoft 365 and Google accounts to compromise. Organizations must act now with stronger defenses, tighter access controls, and vigilant monitoring to reduce the risk.