"Slick New Phishing-as-a-Service Kit EvilProxy Emerges"

Security researchers at Resecurity have released details about a new Phishing-as-a-Service (PhaaS) kit called EvilProxy, which offers an easy-to-use interface for attacking users with accounts for major online brands, as well as the ability to bypass multi-factor authentication (MFA). According to Resecurity, reverse proxies to attack MFA, such as Modlishka, have been available for several years, but EvilProxy allows for the easy creation and delivery of advanced phishing links via a Graphical User Interface (GUI). EvilProxy has been found to sit between a victim and the real site the user is attempting to connect to, capturing their valid session cookies in order to circumvent the need to authenticate with usernames, passwords, and/or two-factor authentication (2FA) tokens. EvilProxy can compromise accounts with major brands such as Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, and Yandex. The PhaaS kit has been available since May of this year, according to Resecurity, and costs $400 per month to rent. This article continues to discuss the emergence of the EvilProxy PhaaS kit.

iTnews reports "Slick New Phishing-As-A-Service Kit EvilProxy Emerges"