‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Abnormal AI analyzed 'Starkiller', a phishing-as-a-service offered by a group calling itself Jinkusu that dynamically loads legitimate login pages in headless Chrome containers and proxies victims’ interactions to capture credentials, MFA codes, session cookies, keystrokes, and other data; the platform includes URL masking, session hijacking, geo-tracking, analytics, and automated alerts, effectively enabling real-time account takeover and lowering the barrier to entry for low-skilled criminals.