New EvilProxy Phishing Service Allows Cybercriminals to Bypass 2-Factor Security

According to Resecurity researchers, a new EvilProxy Phishing service allows cybercriminals to bypass 2FA security.

In a writeup, the cybersecurity firm said, “Security researchers found that EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2F authentication — proxifying victims’ sessions.”

Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM (Node.js Package Manager), PyPI (Python Package Index), RubyGems, Twitter, Yahoo and Yandex are among the many services targeted by the phishing links created with this platform.

EvilProxy is malicious software. It works as an adversary-in-the-middle (AiTM), sitting between the user and the legitimate service and gathering the user's login information on the fly.
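When a session cookie captured this way is injected into another browser, the service sees the same session identifier arrive from a client context that differs from the one it was issued to. The following detection sketch is an added example, not code from the article or from Resecurity; the event format, field order, function names and the /24 network bucket are assumptions, and the log lines are constructed.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample events (not real logs): (session id, event, client IP, user agent).
SAMPLE_EVENTS = [
    ("s-1001", "login", "198.51.100.23", "Mozilla/5.0 (Windows NT 10.0) Chrome/104"),
    ("s-1001", "request", "198.51.100.77", "Mozilla/5.0 (Windows NT 10.0) Chrome/104"),
    ("s-1002", "login", "203.0.113.10", "Mozilla/5.0 (Macintosh) Safari/15"),
    ("s-1002", "request", "192.0.2.55", "Mozilla/5.0 (X11; Linux x86_64) Firefox/104"),
    ("s-1003", "request", "192.0.2.99", "Mozilla/5.0 (X11; Linux x86_64) Firefox/104"),
]


class Alert(NamedTuple):
    session_id: str
    reason: str


def network_of(ip, prefix=24):
    """Bucket an address into its network so churn inside one subnet is tolerated."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_replayed_sessions(events, prefix=24):
    """Return one Alert per session whose cookie shows up in a new client context."""
    issued = {}      # session id -> (network, user agent) recorded at login
    flagged = set()  # sessions already reported, to avoid duplicate alerts
    alerts = []
    for sid, kind, ip, ua in events:
        context = (network_of(ip, prefix), ua)
        if kind == "login":
            issued[sid] = context
            continue
        if sid in flagged:
            continue
        if sid not in issued:
            reason = "cookie presented with no recorded login"
        elif context != issued[sid]:
            net, agent = issued[sid]
            changed = [name for name, same in
                       (("network", context[0] == net), ("user agent", ua == agent))
                       if not same]
            reason = "changed since login: " + ", ".join(changed)
        else:
            continue
        flagged.add(sid)
        alerts.append(Alert(sid, reason))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert.session_id, "-", alert.reason)
```

A replay sent from the same network and with the same user agent as the original login passes this check, so it complements phishing-resistant authentication rather than replacing it.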

Prices for a 31-day subscription to the kit start at $400, with attacks against Google mail accounts costing up to $600. The service is accessed over the Tor anonymity network once payment has been arranged manually with an operator on Telegram.

Resecurity says that after activation, the customer is asked to submit SSH credentials so that a Docker container can be deployed, an approach similar to that of the Frappo software, which came to light earlier this year.

EvilProxy gives its customers a cost-effective way to carry out social engineering attacks.

It is becoming clear that hackers are developing new, sophisticated ways of phishing for user information, ones which can bypass existing security measures.

The targeting of public-facing code and package repositories such as GitHub, NPM, PyPI and RubyGems suggests that the operators are also aiming to obtain credentials for supply chain attacks.

Access to developer accounts can be used to inject malicious code, which makes it a goldmine for those seeking to cause damage.

The actors want to use software developers and IT engineers as a way to reach downstream targets. The researchers said it is likely that hacking those targets is their end goal.
