Starkiller PhaaS: The Reverse-Proxy Phishing Platform That Makes MFA Irrelevant

Executive Summary

A threat group calling itself Jinkusu has released a phishing-as-a-service (PhaaS) platform named Starkiller that fundamentally changes what attackers can accomplish without technical expertise. Unlike legacy phishing kits that rely on static HTML clones of login pages, Starkiller spins up a headless Chrome browser inside a Docker container, loads the real target website, and serves as a live reverse proxy between victim and legitimate service.

The implications are severe: every credential, every one-time passcode, every session token passes through attacker-controlled infrastructure — in real time. MFA doesn’t fail. It completes exactly as designed, and the attacker walks away with an authenticated session they can use immediately. Researchers at Abnormal AI who analyzed the platform’s control panel in February 2026 described it as “enterprise-grade phishing infrastructure” packaged for cybercriminals who need no understanding of reverse proxies, certificates, or container management to launch a campaign.

This is not a one-off tool. It is a subscription-based platform, sold openly with marketing copy, dashboards, analytics, and a 99.7% claimed success rate. Every security team that still treats MFA as a sufficient authentication safeguard needs to reconsider that assumption now.


What Is Starkiller PhaaS?

Starkiller is a commercial-grade cybercrime platform distributed with the polish of a legitimate SaaS product. It is the creation of the Jinkusu threat group, which maintains an active user forum where customers discuss techniques and request support — a full cybercrime ecosystem wrapped around a single phishing framework.

What distinguishes Starkiller from the long lineage of phishing toolkits is its architecture. Where traditional kits maintain static HTML files that mimic a target’s login page — files that age out the moment the real site updates its CSS, break when logos change, and get fingerprinted by security vendors within days of release — Starkiller eliminates that entire problem class.

Instead, the operator pastes a real brand URL into a polished control panel. Starkiller then:

  1. Spins up a Docker container running a headless Chrome browser instance
  2. Loads the brand’s actual login page directly from the legitimate server
  3. Acts as a live reverse proxy, relaying all traffic between the victim and the real site
  4. Logs everything in transit: keystrokes, form submissions, cookies, session tokens

The victim sees the real website — authentic HTML, CSS, JavaScript, and assets served from the legitimate infrastructure. The URL is the only signal something is wrong, and Starkiller’s URL masking tools are specifically designed to neutralize that warning sign.

Because the phishing page is never stored as a static file, there are no template artifacts for security vendors to fingerprint. Blocklists go stale within minutes. Detection logic built around known phishing kit signatures simply does not apply.


The MFA Bypass Mechanism

The core threat intelligence insight about Starkiller is this: it does not break MFA — it renders MFA irrelevant.

Traditional phishing attacks capture credentials and then fail at the MFA step. The attacker has a username and password, but without the time-sensitive OTP or push approval, they cannot log in. This is the model that made MFA such a compelling control — it adds a second factor that static credential capture cannot obtain.

Starkiller bypasses this entirely through the reverse proxy architecture. Here is the step-by-step authentication flow:

  1. Victim clicks a Starkiller phishing link and lands on what appears to be the genuine login portal for Microsoft, Google, Apple, or another target brand
  2. Victim enters username and password — the proxy forwards these to the real login service
  3. The real service responds with an MFA challenge (OTP, push notification, or authenticator code)
  4. The victim receives this challenge and completes it — again, through the proxy
  5. The real service accepts the MFA response and issues an authenticated session token or cookie
  6. Starkiller intercepts this session token before it reaches the victim’s browser
  7. The attacker now holds a valid, authenticated session with no further authentication required

The victim may never realize anything happened. The login may appear to succeed normally, or they may receive a generic error message. Meanwhile, the attacker is already in.

This is adversary-in-the-middle (AitM) attack methodology at scale, with the friction removed. One-time passcodes, push approvals, and TOTP codes — the controls most organizations rely on to satisfy MFA policy requirements — are completely ineffective against this model. As Shane Barney, CISO at Keeper Security, summarized it: “Users interact with real login pages, enter valid credentials and complete MFA challenges successfully, yet the entire session is quietly relayed through attacker-controlled infrastructure.”

The attacker's entry point is the resulting session cookie, not the credential. There is no second factor left to defeat once that cookie is captured; the stolen session stays valid for as long as the service's own session timeout policy allows.


Starkiller’s Feature Set: An Attacker’s Operations Platform

The control panel documented by Abnormal AI researchers Callie Baron and Piotr Wojtyla reveals an operator experience designed for productivity at scale:

Real-time session monitoring: Operators can live-stream the victim’s screen as they interact with the proxy. This allows manual intervention, targeted social engineering during the session, or simply watching account takeovers unfold.

Keylogger capture: Every keystroke is logged independently of form submission, capturing partial inputs, corrections, and anything typed in search fields.

Cookie and session token theft: The primary takeover vector. Authenticated sessions are captured and accessible immediately.

Geo-tracking: Victim IP-based geolocation for targeting or reporting.

Automated Telegram alerts: Operators receive push notifications the moment credentials land — enabling rapid account takeover before the victim has a chance to notice unusual activity or trigger lockout.

Campaign analytics: Conversion rates, visit counts, and performance graphs — the same metrics a legitimate marketing platform would provide. Operators can optimize their lure links based on actual data.

URL Masker tool: Generates deceptive URLs that mimic legitimate domains. The technique exploits URL parsing behavior: the @ symbol in a URL causes everything before it to be interpreted as credential/userinfo data, while the actual destination domain follows. The victim sees login.microsoft.com@[malicious-domain].ru — the Microsoft portion appears prominent while the real destination is the attacker-controlled server. URL shorteners (TinyURL, is.gd, v.gd) are integrated to obscure the destination further.

Financial fraud modules: Specialized capture for credit card numbers, crypto wallet seeds, bank credentials, and payment information — extending the platform’s use case beyond corporate account takeover.

EvilEngine Core: An obfuscation module that the platform claims makes phishing links “completely undetectable” to security scanning infrastructure.

Fake software update templates: Lures designed to trick victims into downloading malicious payloads under the guise of Chrome or Firefox browser updates.

All of this operational infrastructure — Docker engine management, image builds, container lifecycle, certificate handling — is abstracted behind the control panel. An operator with no networking or systems knowledge can run enterprise-scale phishing campaigns.


Comparison to Previous PhaaS Platforms

Starkiller is not the first proxy-based phishing service, but it represents a meaningful evolution beyond its predecessors.

Evilginx2 (open source, 2017–present): The original adversary-in-the-middle phishing framework. Requires operators to configure “phishlets” — YAML files that define how to proxy specific targets — manage DNS, configure SSL certificates, and maintain server infrastructure. Effective, but demands substantial technical skill. Used heavily in red team engagements. The manual setup burden limits its adoption among lower-skilled threat actors.

EvilProxy (commercial, emerged 2022): The first major commercial PhaaS offering built around reverse proxy methodology. EvilProxy lowered the bar significantly by providing a subscription service with pre-built templates for major platforms. It found real traction in the criminal ecosystem — observed in campaigns targeting executives at Fortune 500 companies through 2023 and 2024. However, EvilProxy still relied on template-based approaches for some targets, and its infrastructure signatures became increasingly recognized by security vendors over time.

Starkiller (commercial, 2026): Eliminates templates entirely. The live headless browser approach means there are no static phishing page files to fingerprint, no template updates required when target sites change, and no degradation of the phishing experience over time. The Docker containerization means the operator doesn’t manage infrastructure at all. The integrated campaign analytics, Telegram alerting, and URL masking tools create a complete end-to-end attack platform. The barrier to entry is now essentially zero for anyone with a subscription.

The trajectory is clear: each generation of PhaaS tooling removes another layer of required technical competency and adds another layer of operational capability. Starkiller is the current apex of that evolution.


Real-World Targets and Campaigns

The Starkiller platform is designed to support impersonation of high-value targets including Microsoft, Google, Apple, Facebook, Amazon, Netflix, PayPal, and a range of financial institutions. This target list mirrors the most credential-dense services in enterprise and consumer environments — and the most frequently phished brands globally.

The integrated financial fraud modules (credit card capture, bank credential theft, crypto wallet draining) suggest Starkiller operators are not exclusively focused on corporate account takeover. The platform is versatile enough to serve both financially motivated cybercriminals targeting individuals and threat actors pursuing corporate network access through compromised employee credentials.

The Jinkusu group’s active user forum indicates an established and growing customer base. Subscribers receive support, discuss targeting strategies, and share operational improvements — a full criminal support ecosystem. The marketing copy advertising a 99.7% success rate suggests either genuine effectiveness or aggressive marketing positioning, but either way indicates the platform is being actively sold and used.

Mobile users represent a particularly exposed population. As Kern Smith, SVP at Zimperium, noted in response to the Starkiller research: “Mobile users are the main target of phishing attacks, especially through SMS and QR codes,” and they “frequently authenticate through apps and browsers outside the visibility of traditional security tools, making credential theft and account takeover harder to detect.” URL masking techniques that appear suspicious on a desktop may be completely invisible in a mobile browser that truncates the address bar.


Detection and Defense Recommendations

Given Starkiller’s architecture, traditional phishing defenses are insufficient. Here is what actually helps:

Deploy Phishing-Resistant Authentication

This is the only control class that is architecturally immune to reverse-proxy phishing. FIDO2/WebAuthn hardware security keys and passkeys are cryptographically bound to the legitimate origin domain during registration. When a user authenticates through a proxy — even one serving a pixel-perfect replica of the real login page — the authentication will fail because the domain does not match. The session token the attacker captures is either absent or invalid.

TOTP (time-based OTP), SMS codes, and push-based MFA are not phishing-resistant. Organizations that rely on these as their primary MFA mechanism remain exposed to Starkiller and similar platforms. Migrating high-risk user populations — privileged accounts, finance teams, executives — to hardware keys is the most impactful single action available.
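Why the origin binding defeats a relay, as an added illustration (not code from the article or from any vendor it cites): a simplified relying-party check of the clientDataJSON origin and the authenticatorData rpIdHash that WebAuthn requires, using placeholder RP values and constructed inputs, with signature verification left out. In practice the browser refuses to create the assertion at all when the RP ID does not match the page's origin; the server-side check shown here is the backstop.

```python
import base64
import hashlib
import json

# Relying-party configuration; placeholder values assumed for this example.
EXPECTED_ORIGIN = "https://login.example-rp.test"
RP_ID = "example-rp.test"

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def rp_id_hash() -> bytes:
    """SHA-256 of the RP ID, which occupies the first 32 bytes of authenticatorData."""
    return hashlib.sha256(RP_ID.encode()).digest()

def check_assertion_binding(client_data_b64: str, auth_data: bytes,
                            expected_challenge: bytes) -> list:
    """Return the names of the binding checks that fail for a WebAuthn
    assertion (empty list: origin, RP ID and challenge all match).
    Signature verification over authData || SHA-256(clientDataJSON) is
    a separate step that this example deliberately leaves out."""
    cd = json.loads(b64url_decode(client_data_b64))
    failures = []
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge must be the one this RP minted for this login attempt.
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        failures.append("challenge")
    # The browser records the origin the page was really loaded from, so a
    # login page relayed through a proxy domain cannot present the RP origin.
    if cd.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if auth_data[:32] != rp_id_hash():
        failures.append("rpIdHash")
    return failures

def make_client_data(origin: str, challenge: bytes) -> str:
    """Build the clientDataJSON a browser would produce (constructed input)."""
    cd = {"type": "webauthn.get", "challenge": b64url_encode(challenge),
          "origin": origin}
    return b64url_encode(json.dumps(cd).encode())

if __name__ == "__main__":
    chal = b"constructed-32-byte-challenge!!!"  # RP-generated in reality
    auth = rp_id_hash() + b"\x05" + b"\x00" * 4  # + flags and signCount
    print(check_assertion_binding(make_client_data(EXPECTED_ORIGIN, chal), auth, chal))
    print(check_assertion_binding(make_client_data("https://proxy.test", chal), auth, chal))
```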

Implement Conditional Access and Session Controls

Adaptive authentication policies that evaluate login context — device posture, IP reputation, location, time-of-day — can surface anomalies even after a session token is captured. An attacker using a stolen session from a Russian IP address when the account normally accesses from Chicago should trigger policy enforcement. Session lifetime restrictions reduce the window of opportunity for captured tokens.

Configure email security gateways to detonate links in sandboxes rather than relying on static blocklist matching. Starkiller’s EvilEngine Core may bypass signature-based scanning, but behavioral detonation — actually loading the URL and observing what happens — is harder to defeat. Specifically flag URLs whose authority section contains the @ character; such links are rarely legitimate in corporate email and almost always abusive.

User training should specifically cover the URL bar as the primary trust signal, including how the @ trick can make malicious URLs appear to display trusted brand names.
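An added example (not part of the article) of the gateway check described above: it resolves the host a browser would actually connect to for a link, separating any userinfo text before the @ from the real destination, and flags the @ trick, a brand name planted in that prefix, and the shortener domains the article names. The sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Shortener hosts the article lists as integrated into the URL Masker tool.
SHORTENERS = {"tinyurl.com", "is.gd", "v.gd"}

# Brands the article names as impersonation targets; used only to notice a
# brand name planted in the userinfo part of a link.
BRAND_HINTS = ("microsoft", "google", "apple", "facebook", "amazon",
               "netflix", "paypal")

def analyze_url(raw: str) -> dict:
    """Report the host a browser would actually connect to for raw, plus
    the signals worth flagging at a mail gateway: text before an @ in the
    authority, a brand name inside that text, and a known shortener host."""
    text = raw.strip()
    if "://" not in text:            # scheme-less links are common in SMS lures
        text = "https://" + text
    parts = urlsplit(text)
    # Everything before the last @ in the authority is userinfo, not the host.
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
    host = (parts.hostname or "").lower()
    findings = []
    if userinfo:
        findings.append("userinfo-before-@")
        if any(b in userinfo.lower() for b in BRAND_HINTS):
            findings.append("brand-name-in-userinfo")
    if host in SHORTENERS:
        findings.append("url-shortener")
    return {"input": raw, "real_host": host,
            "displayed_prefix": userinfo, "findings": findings}

def suspicious(raw: str) -> bool:
    return bool(analyze_url(raw)["findings"])

if __name__ == "__main__":
    # Constructed sample links, not observed Starkiller indicators.
    for u in ("https://login.microsoft.com@phish-placeholder.test/auth",
              "login.microsoft.com@phish-placeholder.test",
              "https://is.gd/placeholder",
              "https://login.microsoftonline.com/common/oauth2"):
        print(analyze_url(u))
```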

Browser Isolation

Browser isolation solutions that render pages in a remote cloud environment before displaying results to the user add a layer between the victim’s actual session and attacker-controlled infrastructure. While not a complete solution, they reduce the attack surface for credential capture techniques.

Zero-Trust Session Validation

As Shane Barney emphasized: “Identity security must extend beyond the moment of authentication.” Continuous session validation — device fingerprinting, behavioral analytics, IP consistency checking — can detect account takeovers that succeed at the authentication layer. If the session token is being used from a different device, browser, and geography than expected, that is a signal to re-authenticate or terminate.

Monitor for Anomalous Post-Login Behavior

When an attacker uses a stolen session, their behavior often diverges from the legitimate user’s patterns. UEBA (User and Entity Behavior Analytics) tools that baseline normal activity — which files are accessed, what emails are sent, what admin actions are taken — can flag account takeovers even when authentication itself appeared clean.
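The session-consistency logic from the conditional-access, zero-trust and UEBA sections above, as an added example rather than code from the article or any product it cites: it replays constructed sign-in and activity events, binds user, country and browser fingerprint to each session at issuance, and flags later uses that drift, raising severity for takeover-style actions. The field names and the high-risk action set are assumptions.

```python
import json

# Constructed sample events (not real telemetry); the fields mirror what an
# IdP or application sign-in/activity log carries: who, which session,
# source country and a hashed browser/device fingerprint.
SAMPLE_LOG = """
{"ts":"2026-02-10T14:02:11Z","event":"session_issued","session":"s-1","user":"alice","country":"US","ua":"chrome-win"}
{"ts":"2026-02-10T14:03:40Z","event":"session_used","session":"s-1","user":"alice","country":"US","ua":"chrome-win","action":"mail.read"}
{"ts":"2026-02-10T14:05:02Z","event":"session_used","session":"s-1","user":"alice","country":"RU","ua":"chrome-linux","action":"mail.rule.create"}
{"ts":"2026-02-10T14:06:15Z","event":"session_used","session":"s-1","user":"alice","country":"RU","ua":"chrome-linux","action":"mfa.method.add"}
{"ts":"2026-02-10T15:00:00Z","event":"session_used","session":"s-9","user":"bob","country":"US","ua":"safari-ios","action":"mail.read"}
"""

# Post-login actions typical of account takeover; a mismatch on one of
# these raises severity. The set is an assumption for the example.
HIGH_RISK_ACTIONS = {"mail.rule.create", "mfa.method.add", "admin.role.assign"}

# Properties bound to a session at issuance; they must not drift afterwards.
BOUND_FIELDS = ("user", "country", "ua")

def detect_session_misuse(log_text: str) -> list:
    """Replay events in order, remember the fingerprint each session had
    when it was issued, and flag later uses whose bound fields differ.
    A session used without any recorded issuance is flagged too."""
    issued, alerts = {}, []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        sid = ev["session"]
        if ev["event"] == "session_issued":
            issued[sid] = {f: ev[f] for f in BOUND_FIELDS}
            continue
        base = issued.get(sid)
        if base is None:
            alerts.append({"ts": ev["ts"], "session": sid, "severity": "medium",
                           "reason": "session used without recorded issuance"})
            continue
        drift = [f for f in BOUND_FIELDS if ev.get(f) != base[f]]
        if drift:
            sev = "high" if ev.get("action") in HIGH_RISK_ACTIONS else "medium"
            alerts.append({"ts": ev["ts"], "session": sid, "severity": sev,
                           "reason": "fingerprint drift: " + ",".join(drift),
                           "action": ev.get("action")})
    return alerts

if __name__ == "__main__":
    for alert in detect_session_misuse(SAMPLE_LOG):
        print(alert)
```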


Conclusion: Key Takeaways

Starkiller represents a genuine step-function change in the accessibility and effectiveness of adversary-in-the-middle phishing. The threat model that organizations built their MFA strategy around — “even if credentials are stolen, the second factor protects the account” — does not hold against proxy-based phishing.

What security teams must internalize:

  • MFA is not an authentication silver bullet. TOTP and push-based MFA are phishing-replayable. They remain valuable controls against credential stuffing and password spray, but they do not protect against real-time proxy interception.
  • The phishing page will look real. Because it is the real page. Defenses predicated on users spotting visual discrepancies have never been reliable; Starkiller makes them completely irrelevant.
  • The barrier to entry is now effectively zero. Any threat actor with a subscription and a browser can run a campaign targeting Microsoft or Google credentials. Volume of phishing attacks using proxy methodology will increase.
  • FIDO2/passkeys are the right answer for high-risk accounts. They are the only authentication mechanism that is architecturally immune to this attack class.
  • Post-authentication monitoring matters more than ever. When the authentication event itself cannot be trusted, behavioral detection downstream becomes the critical last line of defense.

The criminal ecosystem is iterating faster than most security programs. Starkiller is the current best-in-class tool; the next generation is already being built. Security programs that are not actively moving toward phishing-resistant authentication are accepting a risk exposure that grows with every new customer Jinkusu acquires.


Sources: Abnormal AI threat research (Callie Baron, Piotr Wojtyla, February 2026); Security Boulevard; Krebs on Security; Dark Reading; Keeper Security; Zimperium.