As reported on “The Hacker News” website on 6-Sep-22:

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services.

“EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim’s session,” Resecurity researchers said in a Monday write-up.

The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others.

EvilProxy is similar to adversary-in-the-middle (AiTM) attacks in that users interact with a malicious proxy server that acts as a go-between for the target website, covertly harvesting the credentials and 2FA passcodes entered in the login pages.

It’s offered on a subscription basis per service for a time period of 10, 20, or 31 days, with the kit available for $400 a month and accessed over the TOR anonymity network after the payment is arranged manually with an operator on Telegram. Attacks against Google accounts, in contrast, cost up to $600 per month.


EvilProxy Concept Of Operation
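
From the defender's side, a session cookie captured through such a proxy tends to show up later from a client that does not match the one recorded at login. The sketch below is an added example, not part of the quoted report or of any vendor's tooling; the log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import namedtuple

# Constructed sample lines in a hypothetical auth-log format (assumption).
SAMPLE_LOG = """\
2022-09-06T10:00:01Z action=login session=s-alice ip=198.51.100.7 ua="Mozilla/5.0 (Windows NT 10.0) Firefox/104.0"
2022-09-06T10:00:09Z action=request session=s-alice ip=198.51.100.7 ua="Mozilla/5.0 (Windows NT 10.0) Firefox/104.0"
2022-09-06T10:01:30Z action=login session=s-bob ip=203.0.113.20 ua="Mozilla/5.0 (Macintosh) Safari/605.1.15"
2022-09-06T10:04:12Z action=request session=s-bob ip=192.0.2.99 ua="Mozilla/5.0 (X11; Linux x86_64) Chrome/105.0"
2022-09-06T10:05:00Z action=request session=s-carol ip=192.0.2.5 ua="curl/7.85.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) action=(?P<action>\w+) session=(?P<session>\S+) '
    r'ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)
Finding = namedtuple("Finding", "session ts reasons")


def find_session_replay(log_text):
    """Flag requests whose client differs from the one seen at login."""
    baseline = {}   # session id -> (ip, user agent) recorded at login
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ev = m.groupdict()
        if ev["action"] == "login":
            baseline[ev["session"]] = (ev["ip"], ev["ua"])
            continue
        if ev["session"] not in baseline:
            # Session used without any recorded login: treat as suspicious.
            findings.append(Finding(ev["session"], ev["ts"], ("no_login_seen",)))
            continue
        ip, ua = baseline[ev["session"]]
        checks = (("ip_changed", ev["ip"] != ip), ("ua_changed", ev["ua"] != ua))
        reasons = tuple(name for name, changed in checks if changed)
        if reasons:
            findings.append(Finding(ev["session"], ev["ts"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_session_replay(SAMPLE_LOG):
        print(f.session, f.ts, ",".join(f.reasons))
```

An IP change alone is common for mobile users, so a combined IP and user-agent change shortly after login is the stronger signal to alert on.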