Vulnerability Management, Email security

Advanced phishing enabled by novel EvilProxy service

Threat actors could steal authentication tokens using the new reverse-proxy phishing-as-a-service platform EvilProxy in an effort to evade multi-factor authentication on Microsoft, Google, Facebook, Apple, Twitter, GoDaddy, GitHub, and PyPi, according to BleepingComputer. Usernames, passwords, and session cookies could be stolen using the EvilProxy service for $150 to $600 depending on the attack and its duration, a Resecurity report revealed. Cybercriminals looking to use EvilProxy are being vetted by the service's operators, with portal access granted upon the issuance of a deposit through Telegram. The report also showed that aside from VM, EvilProxy also provides anti-analysis and anti-bot protection to better sift phishing site visitors. "The bad actors are using multiple techniques and approaches to recognize victims and to protect the phishing-kit code from being detected. Like fraud prevention and cyber threat intelligence (CTI) solutions, they aggregate data about known VPN services, Proxies, TOR exit nodes and other hosts which may be used for IP reputation analysis (of potential victims)," said Resecurity.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.