EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight:

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources its alternative name is Moloch, having some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.

While the incident with Twilio is solely related to the supply chain, cybersecurity risks obviously lead to attacks against downstream targets, the productized underground service like EvilProxy enables threat actors to attack users with enabled MFA on the largest scale without the need to hack upstream services.

EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session.

Because I am not a security professional qualified to really present their research accurately or with any attempt at intelligent comment, I would urge readers to read  Resecurity’s article in its entirety on their site.

About the author: Dissent

Comments are closed.