Threat actors could steal authentication tokens using the new reverse-proxy phishing-as-a-service platform EvilProxy in an effort to evade multi-factor authentication on Microsoft, Google, Facebook, Apple, Twitter, GoDaddy, GitHub, and PyPI, according to BleepingComputer.
Usernames, passwords, and session cookies could be stolen using the EvilProxy service for $150 to $600 depending on the attack and its duration, a Resecurity report revealed.
Cybercriminals looking to use EvilProxy are being vetted by the service's operators, with portal access granted upon the issuance of a deposit through Telegram.
The report also showed that, aside from VM, EvilProxy provides anti-analysis and anti-bot protection to better sift phishing site visitors.
"The bad actors are using multiple techniques and approaches to recognize victims and to protect the phishing-kit code from being detected. Like fraud prevention and cyber threat intelligence (CTI) solutions, they aggregate data about known VPN services, Proxies, TOR exit nodes and other hosts which may be used for IP reputation analysis (of potential victims)," said Resecurity.