Researchers have discovered a new Phishing-as-a-Service (PhaaS) offering called EvilProxy, advertised on dark web forums, that lets threat actors bypass MFA.
EvilProxy eyes victims everywhere
Threat actors employ reverse proxy and cookie injection methods to circumvent 2FA.
- EvilProxy was initially identified in connection with attacks against Google and Microsoft customers who have MFA enabled on their accounts through SMS or application tokens.
- The threat actors aim to compromise consumer accounts belonging to Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, and Yandex.
- They also conduct phishing attacks against PyPI, GitHub, and npmjs, targeting software developers and IT engineers to gain access to their repositories. The end goal is to hack downstream targets.
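
A defender-side view of the reverse proxy and cookie injection technique described above: a session cookie that turns up from a client other than the one that completed MFA. This is an added example, not code from the researchers or from EvilProxy; the event fields, the sample records and the IP-plus-user-agent binding are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical event schema; real identity-provider logs will differ.
Event = namedtuple("Event", "ts session_id user ip user_agent action")

# Constructed sample events (documentation IP ranges, not real logs).
SAMPLE_EVENTS = [
    Event(1000, "s-alice", "alice", "198.51.100.7", "Firefox/104", "mfa_success"),
    Event(1060, "s-alice", "alice", "198.51.100.7", "Firefox/104", "request"),
    Event(2000, "s-bob", "bob", "203.0.113.20", "Chrome/105", "mfa_success"),
    Event(2045, "s-bob", "bob", "192.0.2.99", "Chrome/104", "request"),
    Event(2050, "s-bob", "bob", "192.0.2.99", "Chrome/104", "request"),
    Event(3000, "s-orphan", "carol", "192.0.2.50", "Safari/15", "request"),
]


def find_replayed_sessions(events):
    """Flag sessions whose cookie is presented by a client (IP, user agent)
    other than the one that completed MFA, or with no MFA event at all."""
    bound = {}     # session_id -> (ip, user_agent) recorded at MFA completion
    findings = {}  # session_id -> first finding for that session
    for ev in sorted(events, key=lambda e: e.ts):
        client = (ev.ip, ev.user_agent)
        if ev.action == "mfa_success":
            bound[ev.session_id] = client
            continue
        if ev.session_id in findings:
            continue  # report each session once
        origin = bound.get(ev.session_id)
        if origin is None:
            reason = "session used without a recorded MFA event"
        elif client != origin:
            reason = "session moved to a different client after MFA"
        else:
            continue
        findings[ev.session_id] = {
            "session_id": ev.session_id, "user": ev.user, "ts": ev.ts,
            "bound_client": origin, "seen_client": client, "reason": reason,
        }
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

Legitimate network changes, such as a laptop moving from Wi-Fi to a mobile hotspot, also trip this check, so treat a finding as a signal for step-up authentication or review rather than proof of compromise.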