According to reports, a new hacking tool can allegedly bypass all security measures put in place to stop cyberattacks and access some of the most prominent websites in the world.
The creator of the EvilProxy application claims that the MFA methods used by companies like Apple, Google, Facebook, Microsoft, and Twitter can be circumvented by stealing the authentication tokens required for each account.
The service is especially troubling because it promises to make such attacks available to all hackers, including those who lack the specific abilities or expertise required to attack such well-known targets.
Phishing danger
Security company Resecurity says it found the programme and that EvilProxy (also known as Moloch) is a reverse-proxy PaaS (Phishing-as-a-Service) platform that is promoted on the dark web.
For $150 for ten days, $250 for twenty days, or $400 for a month-long campaign, it offers to collect usernames, passwords, and session cookies; attacks against Google cost more, at $250, $450, and $600 respectively.
Reverse proxies typically sit between a website and an online authentication endpoint, such as a login page. Using phishing lures, EvilProxy tricks its victims into visiting a page that appears legitimate, where they are prompted to enter their login credentials and MFA information. This information is then passed on to the targeted, genuine website, which logs the user in and creates a session cookie containing an authentication token that is returned to the victim.
The reverse proxy, which, as mentioned, sits between the user and the actual website, can then capture this cookie and the authentication token. The attackers can use this token to log in to the website as their victim, without having to go through the MFA process again.
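On the defending side, the token reuse described above can show up as a session cookie presented by a different client than the one it was issued to. The following is an added example, not code from Resecurity or from the original article; the event layout, field names and the /24 grouping are assumptions, and the log entries are constructed samples.

```python
import ipaddress

# Constructed sample events (not real logs):
# (timestamp, event kind, session id, client IP, user agent)
SAMPLE_EVENTS = [
    ("2022-09-05T10:00:00", "issue", "sess-A", "198.51.100.7", "Chrome/105 Windows"),
    ("2022-09-05T10:00:05", "use", "sess-A", "198.51.100.7", "Chrome/105 Windows"),
    ("2022-09-05T10:02:10", "use", "sess-A", "203.0.113.44", "Firefox/104 Linux"),
    ("2022-09-05T10:03:00", "issue", "sess-B", "192.0.2.10", "Safari/16 macOS"),
    ("2022-09-05T10:09:00", "use", "sess-B", "192.0.2.99", "Safari/16 macOS"),
]

def network_of(ip, prefix_len=24):
    """Group addresses by prefix so small moves inside one network do not alert."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def find_replayed_sessions(events, prefix_len=24):
    """Return (timestamp, session id, reasons) for each use of a session
    from a client that differs from the one seen when it was issued."""
    bound = {}   # session id -> (network, user agent) recorded at issuance
    alerts = []
    for ts, kind, sid, ip, ua in sorted(events):  # ISO timestamps sort in time order
        net = network_of(ip, prefix_len)
        if kind == "issue":
            bound[sid] = (net, ua)
            continue
        if sid not in bound:
            # A token the server has no issuance record for is suspicious by itself
            alerts.append((ts, sid, ["unknown_session"]))
            continue
        issued_net, issued_ua = bound[sid]
        reasons = []
        if net != issued_net:
            reasons.append("network_changed")
        if ua != issued_ua:
            reasons.append("user_agent_changed")
        if reasons:
            alerts.append((ts, sid, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

Because legitimate clients also change networks, a hit is better treated as a trigger for re-authentication or review than as proof of compromise.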
According to Resecurity, the attack's cleverness and ease of use make it stand out from other man-in-the-middle (MITM) attacks. EvilProxy also stands out for its user-friendly design. Customers who purchase the tool are provided with thorough training and instructional videos on how to use it. The application offers an easy-to-use graphical user interface where users can set up and manage their phishing campaigns.
Along with the names mentioned above, it also provides a library of ready-made cloned phishing pages for well-known online businesses including GoDaddy, GitHub, Dropbox, Instagram, Yahoo, and Yandex.
While the sale of EvilProxy requires approval, attackers now have a practical and scalable method for carrying out sophisticated phishing attacks against users of well-known online services that support MFA, according to Resecurity.
"The emergence of such services on the dark web will result in an exponential rise in ATO/BEC activity and cyberattacks targeting the identity of the end users, where MFA may be readily circumvented with the aid of tools like EvilProxy."