Okta Exposes VoidProxy: Businesses And Consumers On Alert

Okta Threat Intelligence has uncovered a new service called VoidProxy that lets attackers rent fake login pages to steal Microsoft and Google accounts.

VoidProxy works like a subscription service for crime. Instead of building their own tools, attackers can pay for access to a complete phishing campaign “in a box” - including the servers, domains, phishlets (fake login pages) and reporting dashboards they need to perform their attacks. These phishing kits capture usernames, passwords, and even one-time codes in real time, letting criminals break into accounts protected by these specific forms of multi-factor authentication.

With tens of millions of Microsoft 365 and Google Workspace users across Asia, the potential exposure is huge. Compromised accounts can be used to commit fraud, steal data, or disrupt critical business operations, with significant financial and reputational consequences for businesses.

“Criminals don’t need to build the infrastructure required for phishing themselves; they just rent them for a small fee and start stealing passwords and security codes. That lowers the bar so anyone can launch attacks that once required expert hackers,” said Brett Winterford, VP of Threat Intelligence at Okta.

The Warning

Cybercrime has shifted to an as-a-service model, making advanced attacks available to almost anyone.

Traditional log-ins (passwords, SMS codes, and app-based one-time passcodes) can all be bypassed.

Compromised accounts translate directly into financial loss, fraud, and brand damage.

What to Do Now

For businesses:

Roll out phishing-resistant authentication such as passkeys or Okta FastPass.

Monitor for abnormal login behaviour using adaptive risk tools.

Treat identity as financial infrastructure - a board-level risk, not just an IT issue.

For consumers:

Enable passkeys or phishing-resistant MFA if available.

Act immediately if warned about unusual account activity.

© Scoop Media
