Phishing kits that bypass MFA protection are growing in popularity
The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure.
Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.
"The session cookie can then be used by the threat actor to gain access to the targeted account without the need for a username, password, or MFA token," the researchers explained.
Each of those phishing kits has its own specifics.
The researchers predict that these and other similar phishing kits will become more popular as time passes, spurred by the increasing adoption of MFA and the fact that phishing pages using a transparent reverse proxy to MitM credentials are more likely to remain unblocked for a longer time than "regular" phishing pages.
Citing recent research results by researchers from Stony Brook University and Palo Alto Networks, Proofpoint pointed out that standard phishing sites had a lifespan of just under 24 hours while MitM phishing sites last longer, and that a non-negligible percentage of the latter have been found to last more than 20 days.
News URL
https://www.helpnetsecurity.com/2022/02/04/phishing-kits-bypass-mfa/