Skip to content
Home ยป EvilProxy can purportedly beat MFA on popular sites

EvilProxy can purportedly beat MFA on popular sites

EvilProxy

According to rumours, a new hacking tool EvilProxy may bypass cyberattack safeguards and access major websites.

EvilProxy can steal authentication tokens to defeat Apple, Google, Facebook, Microsoft, and Twitter’s MFA systems.

The service is especially worrisome because it promises to make such assaults available to all hackers, even those without the necessary skills or experience.

Scammers pose a phishing threat

EvilProxy (also known as Moloch) is a reverse-proxy Phishing-as-a-Service platform sold on the dark web.

It offers to steal usernames, passwords, and session cookies for $150 for ten days, $250 for 20 days, or $400 for a month-long campaign. Google attacks cost more: $250, $450, and $600.

Reverse proxies sit between a website and a login page. EvilProxy uses phishing tactics to deceive victims into entering login credentials and MFA information. The genuine website receives this information and uses it to register the user and generate a session cookie with an authentication token.

The reverse proxy, which lies between the user and the actual website, can steal the cookie and authentication token. Attackers can use this token to log in as their victim, bypassing MFA.

EvilProxy’s user-friendly approach makes it unique from other man-in-the-middle (MITM) assaults, Resecurity observes. Clients receive instructional videos and instructions on how to manage phishing assaults using the tool’s clean, open graphical interface.

It also offers cloned phishing pages for prominent online services including GoDaddy, GitHub, Dropbox, Instagram, Yahoo, and Yandex.

“While EvilProxy requires vetting, attackers now have a cost-effective and scalable tool to undertake complex phishing assaults,” Resecurity said.

“The advent of such services in the dark web will enhance ATO/BEC activity and cyberattacks targeting end-user identities, where MFA can be readily overcome with EvilProxy.”

Leave a Reply

Your email address will not be published. Required fields are marked *