EvilProxy: New PhaaS Service Lets Hackers Bypass MFA

From cyware.com

Researchers have discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy, advertised on dark web forums, that lets threat actors bypass MFA.

EvilProxy eyes victims everywhere

Threat actors employ reverse proxy and cookie injection methods to circumvent 2FA.

  • EvilProxy was initially identified in connection with attacks against Google and MSFT customers who have MFA enabled on their accounts through SMS or application tokens.
  • The threat actors aim to compromise consumer accounts belonging to Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, and Yandex.
  • They also conduct phishing attacks against PyPI, GitHub, and npmjs, targeting software developers and IT engineers to gain access to their repositories. The end goal is to hack downstream targets.
