Security News > 2022 > September > New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. The service enables low-skill threat actors who don't know how to set up reverse proxies to steal online accounts that are otherwise well-protected.
The difference between these phishing frameworks and EvilProxy is that the latter is far simpler to deploy, offers detailed instructional videos and tutorials, a user-friendly graphical interface, and a rich selection of cloned phishing pages for popular internet services.
Cybersecurity firm Resecurity reports that EvilProxy offers an easy-to-use GUI where threat actors can set up and manage phishing campaigns and all the details that underpin them.
In the following video, Resecurity demonstrates how an attack against a Google account would unfold through EvilProxy.
Resecurity's test of the platform confirmed that EvilProxy also offers VM, anti-analysis, and anti-bot protection to filter out invalid or unwanted visitors on the phishing sites hosted by the platform.
Platforms like EvilProxy essentially bridge the skill gap and offer low-tier threat actors a cost-efficient way to steal valuable accounts.