Explained: How this phishing platform is helping amateur hackers bypass multi-factor authentication
What are reverse proxies?
Reverse proxies are servers that sit hidden between a user and a legitimate authentication endpoint (e.g. a corporate login form). When a user lands on such a phishing site, the reverse proxy displays the legitimate login form, forwards the user's requests, and returns the responses from the company's website, so the user has less reason to be suspicious. Furthermore, when the victim enters their credentials and MFA into the phishing page, these are forwarded to the company's actual server, so the user is logged in without noticing anything wrong, and the session cookie is returned.
However, it’s important to note that a hacker’s proxy is hiding between the user and the company’s servers, and it can also steal session cookies that contain authentication codes. The hacker then uses this authentication cookie to log into the website by impersonating the user and can even bypass the configured multi-factor authentication protections.
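The cookie reuse described above can be detected server-side. This is an added example, not code from the report or from any product: it assumes authentication logs with hypothetical fields (`session_id`, `action`, `ip`, `user_agent`) and flags a session that is later used from a different network and browser than the one that completed MFA.

```python
import ipaddress
from collections import namedtuple

# Assumed log schema (hypothetical field names, not from any specific product).
Event = namedtuple("Event", "ts session_id user action ip user_agent")

CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/104.0"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/103.0"

# Constructed sample events using documentation IP ranges; not real logs.
SAMPLE_EVENTS = [
    Event("2022-09-05T10:00:03Z", "s-1001", "alice", "mfa_success", "203.0.113.10", CHROME),
    Event("2022-09-05T10:00:09Z", "s-1001", "alice", "request", "203.0.113.10", CHROME),
    # Same session cookie, different network and browser: replay candidate.
    Event("2022-09-05T10:07:41Z", "s-1001", "alice", "request", "198.51.100.77", FIREFOX),
    Event("2022-09-05T11:15:00Z", "s-2002", "bob", "mfa_success", "192.0.2.44", CHROME),
    # Same /24 and same browser: ordinary address churn, should not alert.
    Event("2022-09-05T11:20:30Z", "s-2002", "bob", "request", "192.0.2.61", CHROME),
]


def client_context(ip, user_agent, prefix=24):
    """Coarse client fingerprint: IPv4 network prefix plus User-Agent string."""
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(network), user_agent)


def find_replayed_sessions(events):
    """Alert once per session used outside the context that completed MFA."""
    bound = {}       # session_id -> context recorded at mfa_success
    flagged = set()  # sessions already reported
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        ctx = client_context(ev.ip, ev.user_agent)
        if ev.action == "mfa_success":
            bound[ev.session_id] = ctx
        elif ev.session_id in bound and ev.session_id not in flagged:
            if ctx != bound[ev.session_id]:
                flagged.add(ev.session_id)
                alerts.append({"session_id": ev.session_id, "user": ev.user,
                               "bound_to": bound[ev.session_id],
                               "seen_ip": ev.ip, "seen_at": ev.ts})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

Because the proxied login reaches the real server from the proxy's address, the context bound at MFA time is the proxy's; the check fires when the cookie later appears from another client, and a matching response is to revoke the session and require re-authentication.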
How is EvilProxy different from other phishing frameworks?
EvilProxy is said to make phishing campaigns much easier for hackers to set up, manage, and deploy. The platform also offers detailed video tutorials, a user-friendly graphical interface, and a list of cloned phishing sites for popular internet services.
Hackers can pay $400 for a month-long campaign on the platform, which promises to steal usernames, passwords, and session cookies. The report also shared videos demonstrating how EvilProxy stole data from Google and Microsoft 2FA accounts. In addition, EvilProxy is rumored to provide various tools to filter out unwanted visitors on platform-hosted phishing websites.
Many hackers are now turning to reverse proxy tools as MFA adoption continues to increase, and the availability of platforms that automate everything for these attackers is not good news for security professionals, network administrators, and, most importantly, end users.