Beware! New EvilProxy Phishing Service Can Allow Cybercriminals To Bypass 2FA

Date: 2022-09-07

According to the latest reports, a new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground. It gives threat actors a way to bypass the two-factor authentication (2FA) protections used by online services.

EvilProxy Uses a Reverse Proxy Method

Sources claimed that the platform generates phishing links that are actually cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, RubyGems, Dropbox, Instagram, Microsoft, NPM, PyPI, Twitter, Yahoo, Yandex, and many others.

Resecurity researchers stated in a Monday write-up:

“EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim’s session.”

EvilProxy works much like an adversary-in-the-middle (AiTM) attack: users interact with a malicious proxy server that acts as a go-between for the target website, and the proxy harvests the credentials and 2FA passcodes entered in the login pages.

The service is offered on a subscription basis per service for a time period of 10, 20, or 31 days, with the kit available for $400 a month. However, attacks against Google accounts cost up to $600 per month.
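A defender-side illustration of the cookie-injection step described above, added here and not taken from Resecurity or the original article: it flags a session cookie that is later used from a client other than the one that completed 2FA. The log format, field names, and sample events are constructed assumptions.

```python
import csv
import io

# Constructed sample of application session events (not real data).
# Columns: timestamp, event, session_id, source_ip, user_agent
SAMPLE_LOG = """\
2022-09-07T10:00:01Z,login_mfa_ok,sess-A,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/105
2022-09-07T10:00:09Z,request,sess-A,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/105
2022-09-07T10:01:00Z,login_mfa_ok,sess-B,192.0.2.15,Mozilla/5.0 (Macintosh) Safari/605
2022-09-07T10:02:00Z,request,sess-B,192.0.2.15,Mozilla/5.0 (Macintosh) Safari/605
2022-09-07T10:04:30Z,request,sess-A,203.0.113.44,Mozilla/5.0 (X11; Linux x86_64) Firefox/104
2022-09-07T10:06:00Z,request,sess-B,192.0.2.99,Mozilla/5.0 (Macintosh) Safari/605
"""


def find_session_replay(log_text, require_both=True):
    """Report requests whose session cookie is used from a client context
    that differs from the one recorded when 2FA completed.

    require_both=True reports only when IP *and* user agent changed;
    require_both=False reports a change in either attribute.
    """
    issued = {}    # session_id -> (ip, user_agent) recorded at login
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event, sid, ip, ua = row
        if event == "login_mfa_ok":
            issued[sid] = (ip, ua)
            continue
        if sid not in issued:
            continue  # no recorded login for this cookie; not handled here
        base_ip, base_ua = issued[sid]
        changed = [name
                   for name, old, new in (("ip", base_ip, ip),
                                          ("user_agent", base_ua, ua))
                   if old != new]
        if len(changed) == 2 or (changed and not require_both):
            findings.append({"time": ts, "session": sid,
                             "source_ip": ip, "changed": changed})
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE_LOG):
        print(finding)
```

An IP change on its own is common on mobile networks, which is why the default reports only sessions where both the IP and the user agent differ from the login.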

Resecurity stated the following while discussing another PhaaS service called Frappo, which came to light earlier this year:

“After activation, the operator will be asked to provide SSH credentials to further deploy a Docker container and a set of scripts”

These kinds of services offer a “cost-effective and scalable solution” for carrying out social engineering attacks. Gaining unauthorized access to accounts and injecting malicious code into widely used projects maintained by trusted developers can be a goldmine for threat actors, significantly broadening the impact of the campaigns.

