New BlackForce Phishing Kit Bypasses Multifactor Authentication

KnowBe4 Team | Dec 22, 2025

Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.”

Additionally, the phishing kit uses mostly legitimate code in order to avoid detection by security scanners.

“The most effective deception tactic used by the BlackForce phishing kit is its ‘legitimate-looking’ codebase,” Zscaler says. “Our analysis found that more than 99% of the malicious JavaScript file's content consists of production builds of React and React Router, giving it a legitimate appearance.”

The BlackForce attack chain proceeds as follows:

  1. “The victim clicks on the phishing link and is directed to an attacker-controlled phishing page.
  2. “A server-side Internet Service Provider (ISP)/vendor blocklist is applied to the victim's IP or User-Agent, blocking any traffic identified as a crawler or scanner.
  3. “After user validation, the phishing page is served and is designed to appear as a legitimate website.
  4. “The victim, believing the page is authentic, enters their credentials, which are immediately captured by the attacker.
  5. “The attacker receives real-time victim session alerts and the exfiltrated credentials to their command-and-control (C2) panel alerting them of a live target. The stolen credentials are also sent to the attacker via a Telegram channel.
  6. “The attacker attempts to log into the legitimate target website using the stolen credentials, triggering an MFA authentication prompt.
  7. “Using MitB attack techniques, the attacker deploys a fake MFA authentication page to the victim’s browser through the C2 panel.
  8. “The victim's browser renders the fake MFA page, and the victim, unaware of the attack, enters their MFA code.”

Once the attacker has the MFA code, they can gain access to the victim’s account. The victim is then redirected to the legitimate website of the spoofed service.
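In the chain above, the legitimate site never sees the victim's browser: both the password (step 6) and the relayed MFA code are submitted from the attacker's own infrastructure, so the identity provider records a fully MFA-completed sign-in from a network the user has never used. The following Python is an added detection example, not code from Zscaler's report or from KnowBe4; the CSV sign-in log, user names, IP addresses (RFC 5737 documentation ranges) and ASNs (documentation range AS64496-AS64511) are all constructed for illustration. It learns each user's known networks from earlier successful sign-ins and flags an MFA-completed login from an unfamiliar ASN.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample sign-in log (not real telemetry). Each row is one step of
# a login as an identity provider would record it: first the password check,
# then the MFA check. The last two rows model the BlackForce scenario, where
# the attacker replays the phished credentials and code from their own network.
SAMPLE_LOG = """\
timestamp,user,ip,asn,outcome
2025-12-15T08:02:11Z,alice,203.0.113.10,AS64496,password_ok
2025-12-15T08:02:19Z,alice,203.0.113.10,AS64496,mfa_ok
2025-12-16T09:10:02Z,alice,203.0.113.12,AS64496,password_ok
2025-12-16T09:10:09Z,alice,203.0.113.12,AS64496,mfa_ok
2025-12-18T13:45:30Z,bob,198.51.100.7,AS64497,password_ok
2025-12-18T13:45:41Z,bob,198.51.100.7,AS64497,mfa_ok
2025-12-22T11:03:05Z,alice,192.0.2.55,AS64500,password_ok
2025-12-22T11:03:40Z,alice,192.0.2.55,AS64500,mfa_ok
"""


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    ip: str
    asn: str
    outcome: str  # "password_ok", "mfa_ok" or "fail"


def parse_log(text: str) -> list[SignIn]:
    """Parse the CSV sign-in log into SignIn records, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(SignIn(ts.replace(tzinfo=timezone.utc), row["user"],
                             row["ip"], row["asn"], row["outcome"]))
    return sorted(events, key=lambda e: e.ts)


def detect_unfamiliar_mfa(events: list[SignIn], min_history: int = 1) -> list[dict]:
    """Flag MFA-completed sign-ins from an ASN the user has never completed
    MFA from before.

    The baseline is learned online from earlier successful sign-ins, so the
    events must be in chronological order. A user needs at least `min_history`
    distinct known ASNs before an unfamiliar one is alerted on, which keeps
    everybody's very first login from producing an alert.
    """
    known_asns: dict[str, set[str]] = defaultdict(set)
    alerts = []
    for e in events:
        if e.outcome != "mfa_ok":
            continue
        known = known_asns[e.user]
        if len(known) >= min_history and e.asn not in known:
            alerts.append({
                "signal": "mfa_completed_from_unfamiliar_network",
                "user": e.user,
                "ts": e.ts.isoformat(),
                "ip": e.ip,
                "asn": e.asn,
                "known_asns": sorted(known),
            })
        # The new network joins the baseline; a production version would hold
        # it out until an analyst has confirmed the sign-in was legitimate.
        known.add(e.asn)
    return alerts


if __name__ == "__main__":
    for alert in detect_unfamiliar_mfa(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log this yields one alert, for alice's sign-in from AS64500 on 22 December. The signal is a heuristic: a user travelling or switching ISP produces the same pattern, so it is a triage queue rather than a verdict, and it complements rather than replaces MFA methods that cannot be relayed in the first place.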

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Zscaler has the story.

Find out if your organization's MFA solution can be hacked by cybercriminals now!

Did you know that all MFA mechanisms can be hacked, and in some cases it's as simple as sending a phishing email? That's why it's important to know the exact security risks your MFA solution has and how your users' accounts may be compromised.

Here's how MASA works:

  • You will receive a custom link to take your assessment
  • Answer a series of technology questions relevant to your MFA solution
  • Get an instant high-level snapshot of potential risks with your MFA
  • Receive your in-depth report packed with actionable insight and detailed analysis on specific MFA attacks and tips for your top defenses 

Assess My MFA Solution Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/multi-factor-authentication-security-assessment

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.