EvilProxy targets software developers and IT engineers

Brands vulnerable include Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, Yandex, and more…
07 September 2022

A new phishing-as-a-service (PhaaS) toolkit called EvilProxy has been discovered by researchers at Resecurity.

EvilProxy provides an easy-to-use interface for attacking users who hold accounts with major online brands, along with the ability to bypass multifactor authentication (MFA).

The platform generates phishing links that lead to cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others.

According to Resecurity, EvilProxy sits between a victim and the real site the user is trying to connect to, capturing the victim's valid session cookies and so bypassing the need to authenticate with user names, passwords, and two-factor authentication tokens.
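Because a captured session cookie stays valid without a fresh login, one server-side signal is a session that is later used from a client other than the one that completed authentication. The sketch below is an added example, not code from Resecurity or CyberBeat; the event format, field names and sample records are constructed, and it assumes the cookie is replayed from a different IP address or user agent than the login.

```python
# Added example: flag sessions whose cookie is presented by a client that
# differs from the one that logged in. All events below are constructed
# sample data (documentation IP ranges), not real logs.
EVENTS = [
    {"ts": "2022-09-07T10:00:00Z", "type": "login", "session": "sess-A",
     "ip": "203.0.113.10", "ua": "Firefox/104.0"},
    {"ts": "2022-09-07T10:02:10Z", "type": "request", "session": "sess-A",
     "ip": "203.0.113.10", "ua": "Firefox/104.0"},
    {"ts": "2022-09-07T11:15:00Z", "type": "login", "session": "sess-B",
     "ip": "198.51.100.23", "ua": "Chrome/105.0"},
    {"ts": "2022-09-07T11:15:40Z", "type": "request", "session": "sess-B",
     "ip": "198.51.100.23", "ua": "Chrome/105.0"},
    {"ts": "2022-09-07T11:48:05Z", "type": "request", "session": "sess-B",
     "ip": "192.0.2.77", "ua": "python-requests/2.28"},
]


def find_session_reuse(events):
    """Return one finding per request whose (ip, ua) differs from the
    (ip, ua) recorded when that session was issued at login."""
    issued = {}      # session id -> (ip, ua) seen at login
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        client = (ev["ip"], ev["ua"])
        if ev["type"] == "login":
            issued[ev["session"]] = client
        elif ev["type"] == "request":
            origin = issued.get(ev["session"])
            if origin is None:
                continue  # login outside the log window: nothing to compare
            if client != origin:
                findings.append({
                    "session": ev["session"], "ts": ev["ts"],
                    "login_client": origin, "request_client": client,
                    # Both fields changing is a stronger signal than an IP
                    # change alone, which roaming users cause legitimately.
                    "changed": [name for name, a, b in
                                zip(("ip", "ua"), origin, client) if a != b],
                })
    return findings


if __name__ == "__main__":
    for f in find_session_reuse(EVENTS):
        print(f)
```

A mismatch is a signal for step-up authentication or session revocation rather than proof of compromise, since mobile and VPN users change addresses mid-session.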

"It's highly likely the actors aim to target software developers and IT engineers to gain access to their repositories with the end goal to hack 'downstream' targets," the researchers said.

- CyberBeat
