A new phishing-as-a-service (PhaaS)toolkit called EvilProxy has been discovered by researchers at Resecurity.
EvilProxy provides an easy to use interface to attack users with accounts for major online brands, and the ability to bypass multifactor authentication (MFA).
The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others.
According to Resecurity, EvilProxy sits between a victim and the real site the user is trying to connect to, capturing their valid session cookies, to bypass the need to authenticate with user names, passwords, and two-factor authentication tokens.
"It's highly likely the actors aim to target software developers and IT engineers to gain access to their repositories with the end goal to hack 'downstream' targets," the researchers said.
- CyberBeat
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.