Cybersecurity experts have uncovered a new phishing platform called VoidProxy that is quietly becoming a major threat. Unlike older phishing kits that attackers had to set up themselves, VoidProxy works as a Phishing as a Service platform. This means anyone can subscribe to it and run advanced phishing campaigns without much effort or technical skill.

What VoidProxy Does

VoidProxy gives cybercriminals a full set of tools to steal accounts from services like Microsoft and Google. It can even target accounts that are connected through single sign on solutions such as Okta.

Its main strength is that it can bypass multi factor authentication. Even if a user enters a correct one time password or approves a login through their phone, VoidProxy can intercept that process and use it to take over the account.

How It Works

VoidProxy uses a method called adversary in the middle. When a victim opens a phishing link, their login attempt is secretly passed through VoidProxy first. This lets the attacker collect both the username and the password. It also lets them capture the one time codes or push notifications from the second factor.

Once they have this data, the service steals the session cookies from the login. These cookies act like digital keys. With them, the attacker can log in as the victim without needing to type the password or go through multi factor checks again.

Why It Is Hard to Detect

VoidProxy uses several tricks to avoid security systems

• It sends phishing emails from real but hacked marketing accounts on services like Constant Contact and Postmark
• It hides phishing pages behind many redirects and short links
• It hosts phishing sites on cheap domain names like .icu .xyz .sbs and .top
• It uses Cloudflare services to block security scans and to hide its real servers
• It changes its domains and hosting servers very often

Attackers who use VoidProxy also get access to a dashboard where they can watch the progress of their campaigns, see who has fallen for the scam, and download stolen data.

Why This Matters

This service is dangerous because it lowers the skill barrier. Even people with little technical knowledge can launch complex phishing attacks.

It also shows that multi factor authentication alone is not enough if it relies on codes or app prompts. Only strong phishing resistant methods such as physical security keys can fully block this type of attack.

What Organisations Should Do

• Use phishing resistant authentication like security keys where possible
• Block newly registered domains and suspicious top level domains
• Monitor for unusual login patterns and impossible travel events
• Train staff to be careful with links, especially from urgent looking emails
• Use email filters that can spot and stop phishing content

VoidProxy is a clear sign that phishing is evolving fast. It is no longer something only skilled attackers can do. It is becoming a packaged service for anyone who wants to steal accounts. Understanding this new threat is the first step in stopping it.