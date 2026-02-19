A newly uncovered phishing kit allows cybercriminals to steal usernames and passwords with a toolkit which spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts have warned.

Dubbed Starkiller, the phishing platform has been detailed by researchers at Abnormal, who have described it as “a commercial-grade cybercrime platform” and “a comprehensive toolkit for stealing identities at scale”.

The tool is distributed on the dark web like a software-as-a-service (SaaS) product, complete with a subscription model, updates and customer support.

Researchers noted that while the Starkiller name is shared with a legitimate red team penetration testing tool by BC Security, the two platforms are not related.

What makes Starkiller notable is how it differs from many other phishing kits.

Most rely on static HTML clones of the login page the attackers want to replicate. But with Starkiller, the phishing site is launched through a proxy operated by attacker-controlled infrastructure which is indistinguishable from the real login portal being used as template.