EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web (Security News, September 2022)
Resecurity has recently identified a new Phishing-as-a-Service called EvilProxy, advertised on the dark web.
While the Twilio incident relates solely to the supply chain, where cybersecurity risks obviously lead to attacks against downstream targets, a productized underground service like EvilProxy enables threat actors to attack users with MFA enabled at the largest scale without the need to hack upstream services.
EvilProxy actors use reverse proxy and cookie injection methods to bypass 2FA by proxying the victim's session.
Early occurrences of EvilProxy were first identified in connection with attacks against Google and Microsoft customers who have MFA enabled on their accounts, either with SMS or an application token.
EvilProxy's functionality also supports GitHub and npmjs, enabling supply chain attacks via advanced phishing campaigns.
While the sale of EvilProxy requires vetting, cybercriminals now have a cost-effective and scalable solution for performing advanced phishing attacks to compromise consumers of popular online services with MFA enabled. The appearance of such services on the dark web will lead to a significant increase in ATO/BEC activity and cyberattacks targeting the identity of end users, where MFA may be easily bypassed with the help of tools like EvilProxy.
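A defender-side illustration of the cookie injection described above, as an added example that is not from the article or from Resecurity: it flags a session cookie presented by a different client than the one that completed MFA. The log schema (`event`, `session`, `ip`, `ua`) and all sample events are constructed assumptions.

```python
# Constructed sample events; the schema is hypothetical, not any provider's log format.
EVENTS = [
    {"ts": 1, "event": "mfa_success", "user": "alice", "session": "s-100",
     "ip": "198.51.100.7", "ua": "Firefox/104"},
    {"ts": 2, "event": "request", "user": "alice", "session": "s-100",
     "ip": "198.51.100.7", "ua": "Firefox/104"},
    {"ts": 3, "event": "mfa_success", "user": "bob", "session": "s-200",
     "ip": "203.0.113.50", "ua": "Chrome/105"},
    # Same session cookie, different network and different client software.
    {"ts": 4, "event": "request", "user": "bob", "session": "s-200",
     "ip": "192.0.2.99", "ua": "python-requests/2.28"},
    # Session that never appears with an MFA event in the log window.
    {"ts": 5, "event": "request", "user": "carol", "session": "s-300",
     "ip": "192.0.2.14", "ua": "Safari/15"},
    # IP change only (for example a roaming user): weaker signal.
    {"ts": 6, "event": "request", "user": "alice", "session": "s-100",
     "ip": "198.51.100.23", "ua": "Firefox/104"},
]

def find_replayed_sessions(events):
    """Return alerts for sessions used by a client other than the one that passed MFA."""
    origin = {}   # session id -> (ip, ua) recorded when MFA completed
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["event"] == "mfa_success":
            origin[sid] = client
            continue
        if sid not in origin:
            alerts.append({"session": sid, "user": e["user"],
                           "reason": "no_mfa_record", "severity": "high"})
            continue
        # Compare each attribute with the value seen at MFA time.
        changed = [name for name, was, now
                   in zip(("ip", "ua"), origin[sid], client) if was != now]
        if changed:
            alerts.append({"session": sid, "user": e["user"],
                           "reason": "client_changed:" + "+".join(changed),
                           "severity": "high" if len(changed) == 2 else "low"})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

Because the victim's MFA passes through the reverse proxy, the recorded origin is the proxy itself; this check fires only when the stolen cookie is later replayed from another client.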
News URL
https://www.helpnetsecurity.com/2022/09/06/evilproxy-phishing-as-a-service/