Security News > 2022 > February > MFA adoption pushes phishing actors to reverse-proxy solutions
The rising adoption of multi-factor authentication for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools.
The increasing use of MFA has pushed phishing actors to use transparent reverse proxy solutions, and to cover this rising demand, reverse proxy phish kits are being made available.
These newer kits are more advanced because they now integrate an MFA snatching system, which enables threat actors to steal login credentials and MFA codes that would normally protect the account.
As depicted below, when a victim logs into the phishing page, the kit sends the MFA to the genuine online service, intercepts the session cookie, and optionally forwards it to the victim.
Proofpoint has seen three kinds of phishing kits that employ reverse proxying systems, one using Modlishka, another using Muraena/Necrobrowser, and one relying on Evilginx2.
Although the existence and implications of these tools have been well documented, the problem remains largely unaddressed, and as more phishing actors turn to using them, making MFA less secure.