
The primary interface for SessionShark | Image: SlashNext
Security researchers at SlashNext have uncovered a disturbing new tool emerging in cybercrime networks: SessionShark O365 2FA/MFA. Despite marketing itself “for educational purposes,” SessionShark is a phishing-as-a-service toolkit explicitly designed to bypass Microsoft Office 365 multi-factor authentication (MFA).
“At its core, SessionShark is an adversary-in-the-middle (AiTM) phishing kit that can steal valid user session tokens to defeat two-factor authentication on Office 365 accounts,” SlashNext revealed.
SessionShark’s primary tactic is to intercept session cookies. Once a victim enters their credentials, the kit captures the session token that proves MFA was passed, enabling attackers to hijack the session without needing the victim’s OTP code. “By capturing a victim’s session cookie, attackers can bypass MFA controls and access the account without needing the one-time passcode,” the report warns.
This method, seen previously in kits like Tycoon 2FA, renders MFA ineffective once the user has been tricked into entering their credentials.
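The defensive counterpart to the session-cookie replay described above is to watch for the same session token being presented from a second client shortly after the legitimate sign-in, since the stolen token is typically used within seconds of the phish. The following detector is an added example written for this article, not code from SlashNext or from the kit; the event fields (`session_id`, `ip`, `user_agent`) and the sample log records are constructed for illustration and assume an identity provider that logs an opaque session identifier per authenticated request.

```python
"""Toy detector for AiTM session-cookie replay (added example, not SlashNext's code).

Assumption (constructed for this example): the identity provider exports one
record per authenticated request carrying an opaque session identifier, the
client IP and the user agent. Field names are hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SessionEvent:
    ts: datetime
    user: str
    session_id: str   # opaque token id as logged by the IdP, never the raw cookie
    ip: str
    user_agent: str


# Constructed sample log: alice signs in and passes MFA, then 41 seconds later the
# same session token is presented from a different IP and browser. bob's session
# changes IP hours later (e.g. roaming), which a short replay window should ignore.
SAMPLE_EVENTS = [
    SessionEvent(datetime(2025, 4, 24, 9, 0, 0), "alice@example.com", "sess-A1",
                 "203.0.113.10", "Edge/124 Windows"),
    SessionEvent(datetime(2025, 4, 24, 9, 0, 2), "alice@example.com", "sess-A1",
                 "203.0.113.10", "Edge/124 Windows"),
    SessionEvent(datetime(2025, 4, 24, 9, 0, 41), "alice@example.com", "sess-A1",
                 "198.51.100.77", "Firefox/125 Linux"),
    SessionEvent(datetime(2025, 4, 24, 9, 5, 0), "bob@example.com", "sess-B7",
                 "192.0.2.20", "Chrome/124 macOS"),
    SessionEvent(datetime(2025, 4, 24, 13, 5, 0), "bob@example.com", "sess-B7",
                 "192.0.2.21", "Chrome/124 macOS"),
]


def detect_session_replay(events, window=timedelta(minutes=10)):
    """Flag session ids reused from a different IP or user agent within `window`
    of the session's first observed use. Returns one alert dict per session."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_session[e.session_id].append(e)

    alerts = []
    for sid, evs in by_session.items():
        first = evs[0]
        for e in evs[1:]:
            if e.ts - first.ts > window:
                break  # later drift is out of scope for this replay rule
            ip_changed = e.ip != first.ip
            ua_changed = e.user_agent != first.user_agent
            if ip_changed or ua_changed:
                alerts.append({
                    "user": first.user,
                    "session_id": sid,
                    "first_ip": first.ip,
                    "replay_ip": e.ip,
                    "ip_changed": ip_changed,
                    "ua_changed": ua_changed,
                    "seconds_after_login": int((e.ts - first.ts).total_seconds()),
                })
                break
    return alerts


if __name__ == "__main__":
    for a in detect_session_replay(SAMPLE_EVENTS):
        print(a)
```

The window is the key tuning knob: too short and a token exfiltrated and replayed a few minutes later slips through, too long and ordinary IP churn (mobile networks, VPN reconnects) floods the queue. Pairing this with the provider's own token-binding or continuous-access controls, where available, is more robust than fingerprint comparison alone.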
SessionShark isn’t just another phishing kit — it’s a polished, stealth-oriented tool featuring:
- Advanced Antibot Technology: CAPTCHA-based human verification to block security scanners.
- Cloudflare Compatibility: Masking hosting infrastructure behind Cloudflare proxies to resist takedowns.
- Enhanced Stealth Features: Evasive scripts and headers to evade threat intelligence feeds and security crawlers.
- Realistic Office 365 Pages: High-fidelity replicas of Microsoft login pages that dynamically adapt to user conditions.
- Comprehensive Logging: Real-time exfiltration to Telegram bots, allowing attackers to act within seconds of a successful phish.
Interestingly, SessionShark’s creators attempt to maintain a thin veneer of legitimacy by claiming the toolkit is intended for “ethical hacking” training. However, SlashNext points out the obvious duplicity: “Phrases like ‘for educational purposes’ or ‘ethical hacking perspective’ in the ad copy are a wink and nod to buyers that this is a hacking tool, not a classroom demo.”
SessionShark also follows the growing trend of phishing-as-a-service subscriptions, offering updates, support (via Telegram channels), and user-friendly dashboards — hallmarks of modern criminal service ecosystems.