Between March 2020 and March 2021, Stony Brook University and Palo Alto Networks researchers discovered 1,220 phishing sites using man-in-the-middle (MitM) phishing toolkits that could intercept and bypass two-factor authentication (2FA) codes, significantly more than the nearly 200 active phishing sites with reverse proxies between late 2018 and 2019, The Record reports.
Researchers were able to discover the MitM phishing kits through the PHOCA tool they developed to identify reverse proxy use in phishing sites.
The growing prevalence of MitM phishing kits has been attributed to their mostly free nature and ease of use. Threat actors could also access numerous tutorials on MitM phishing kits, and widespread collaboration requests on hacking forums have enabled a quick understanding of such phishing schemes. Most phishing operations are also expected to integrate MitM capabilities amid increasing implementation of 2FA across online services.
The findings have been presented at the ACM Conference on Computer and Communications Security held last month.