By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Notification
Latest News
Malicious WhatsApp spreads through legitimate applications
October 16, 2022
Scammers fake Windows problems, forcing users to call them back
October 15, 2022
Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it
October 15, 2022
Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell
October 14, 2022
Roskomnadzor regularly updates the list of blocked VPN services
October 14, 2022
Aa
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Reading: EvilProxy phishing platform offers 2FA bypass for Apple, Google, Microsoft, GitHub and more
Share
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Aa
Search
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Follow US
Security Parrot - Cyber Security News, Insights and Reviews > News > EvilProxy phishing platform offers 2FA bypass for Apple, Google, Microsoft, GitHub and more
News

EvilProxy phishing platform offers 2FA bypass for Apple, Google, Microsoft, GitHub and more

Last updated: 2022/09/08 at 4:42 PM
Security Parrot Editorial Team Published September 8, 2022
Share
SHARE

Resecurity experts discovered the EvilProxy phishing platform that offers reverse proxies to unskilled attackers and promises to steal authentication tokens to bypass multi-factor authentication (MFA) at Apple, Google, Microsoft, Twitter, GitHub, GoDaddy, Facebook* and so on.

The way EvilProxy works is quite simple: when a victim visits a phishing page, the reverse proxy shows them a legitimate login form, redirects requests, and returns responses from the company’s real website. When the victim enters their credentials and MFA code on the phishing page, they are also redirected to the server of the real company, and the session cookie is returned in response.

As a result, the attacker’s proxy gets the opportunity to steal this cookie containing the authentication token. This token can then be used to log into the site on behalf of the affected user, bypassing the protection of multi-factor authentication.

Hackers have been using reverse proxies to bypass MFAs for quite some time now. Some groups even create their own tools for this purpose, while others use easier-to-deploy phishing kits like Modlishka, Necrobrowser, and Evilginx2.

According to the researchers, the difference between these phishing kits and EvilProxy is that the latter is even easier to deploy, offers detailed training videos and tutorials, has a user-friendly graphical interface, and a rich selection of cloned phishing pages for popular Internet services.

EvilProxy promises its customers that they will be able to steal usernames, passwords, and session cookies for as little as $150 for 10 days, $250 for 20 days, or $400 for a monthly subscription. Interestingly, attacks on Google accounts cost more — $250/450/600, respectively.

In the video below, Resecurity analysts demonstrate how an attack on a Google account through EvilProxy will unfold.

The researchers write that EvilPro is actively advertised on various hacker forums (including XSS, Exploit and Breached), platform operators carefully check future customers, and payment for services is discussed individually via Telegram.

Testing of the phishing platform by experts confirmed that EvilProxy additionally offers virtual machines, anti-analysis, and bot protection to its customers to filter out unwanted visitors from phishing pages.

“Attackers use several methods to recognize victims and protect their phishing kit code. As fraud prevention and cyber threat intelligence solutions, they collect data on known VPN services, proxy servers, TOR exit nodes, and other hosts that can be used to analyze IP (potential victims) reputation,” the Resecurity report says.

Weekly Updates For Our Loyal Readers!

Security Parrot Editorial Team September 8, 2022
Share this Article
Facebook Twitter Email Copy Link Print

Archives

  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

You Might Also Like

News

Malicious WhatsApp spreads through legitimate applications

October 16, 2022
News

Scammers fake Windows problems, forcing users to call them back

October 15, 2022
News

Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it

October 15, 2022
News

Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell

October 14, 2022

© 2022 Parrot Media Network. All Rights Reserved.

  • Home
  • Parrot Media Group
  • Privacy Policy
  • Terms and Conditions
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?