Online hacking has become one of today's serious threats. Certain tools are available that beat any kind of security protection on the device. These tools gain access to the device and to various websites. The mind behind this tool claims that it can steal authentication tokens, which allows the MFA system to be bypassed. Most companies, such as Google, Facebook, Apple, and Twitter, use multi-factor authentication (MFA) for security, but this hacking tool can bypass the MFA system easily. The tool promises to make these attacks available to hackers who lack the skill to attack such targets on their own.
What is EvilProxy?
This phishing-as-a-service tool is available on the dark web. It proxies the user's session in order to bypass 2FA. The tool, known as EvilProxy, relies on cookie injection and a reverse proxy to get around 2FA. The method of phishing users is very simple. First, users are lured to a phishing page. When they open it, the tool uses a reverse proxy to fetch all the legitimate content the users expect to see, such as the login page. After login, the tool passes all the traffic through the proxy. As a result, the hackers can capture session cookies and bypass authentication such as the password and 2FA. EvilProxy is mainly used to attack accounts at top companies such as Facebook, Microsoft, Dropbox, Twitter, and Yahoo.
Evolution of EvilProxy
This tool shows how the available phishing strategies have evolved. Some reports show that reverse proxies are often used in advanced persistent threats, and hackers sometimes use them for cyber-espionage. With EvilProxy, this capability became available on the cybercriminal marketplace. Some research identifies EvilProxy as Moloch, a phishing kit developed earlier to target financial institutions. In some respects, however, EvilProxy differs from Moloch, as it mainly targets big companies. The primary targets of this tool are Google and Microsoft accounts.
Hackers and other cybercriminals get EvilProxy on a subscription basis. The cybercriminal chooses a target, such as Facebook, and then activates the service for a set period according to the plan. The subscription plans run for 10, 20, or 31 days. Payment is made over Telegram, under an arrangement in which the funds are deposited through a TOR-hosted service. Others use dark web services hosted on the TOR network, where the kit is available for $400 per month. A person who purchases access to the home portal of the EvilProxy service gets various tutorials, phishing campaigns, and other material that make the service easy to configure and use. After activating the service, the operator must provide SSH credentials, which allow the deployment of Docker containers and the essential scripts for activation. After activation, all traffic from the victim passes through gateways. For common phishing campaigns, the attacker registers domain names that look very similar to the original one. The spelling is close enough that the victim does not notice the difference. These domains are then used to phish the victim.
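The lookalike domains described above can be screened for on the defender's side. The following Python code is an added example, not part of the original article; the brand list, allowlist, homoglyph table and sample domains are constructed assumptions, and it compares every label before the TLD instead of using a public suffix list.

```python
# Added example: flag domains that imitate a protected brand's spelling.
# Brand list, allowlist and homoglyph table are constructed assumptions.
PROTECTED = ["google", "microsoft", "github", "facebook", "dropbox"]
LEGIT = {"google.com", "microsoft.com", "github.com", "facebook.com", "dropbox.com"}
# Digits and symbols commonly swapped in for letters (illustrative, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def normalize(part):
    """Fold common visual substitutions so 'micros0ft' and 'rnicrosoft' compare equal."""
    return part.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the brand a domain imitates, or None if it is legitimate or unrelated."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in LEGIT):
        return None  # the brand's own domain or one of its subdomains
    # Check every label except the TLD, split on hyphens ("rnicrosoft-login").
    for label in domain.split(".")[:-1]:
        for part in label.split("-"):
            norm = normalize(part)
            for brand in PROTECTED:
                if norm == brand or edit_distance(norm, brand) <= 1:
                    return brand
    return None


if __name__ == "__main__":
    # Constructed sample domains, e.g. from newly observed DNS or proxy logs.
    for d in ["login.micros0ft.com", "rnicrosoft-login.net", "githuub.com",
              "accounts.google.com", "example.org"]:
        print(f"{d:28} -> {lookalike_of(d) or 'ok'}")
```

An edit-distance threshold of 1 suits brand names of six or more characters; shorter names need an exact match after normalization to keep false positives down.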
EvilProxy is also well known for the recent threat to users of PyPI, the official repository for Python. It was also behind a supply chain attack related to a credential breach at Twilio. The proxy also supports attacks on GitHub, mainly involving the JS package manager. With its help, the service can deliver advanced phishing campaigns for supply chain attacks. This type of attack mainly targets IT engineers and software developers, who may then add compromised code to an application, increasing the risk. Such applications can be compromised without end users suspecting anything.
Some of these tools also provide a library of ready-made cloned phishing pages for popular internet services such as GitHub, Instagram, GoDaddy, and Yahoo. With the growing number of tools like EvilProxy, cyberattacks have become very common. Cybercriminals can attack accounts with cost-effective and scalable resources.
With cyberattacks on the rise, users must learn more about device and network security. Security tools such as antivirus software and firewalls are available to protect the device from cyber threats. Ransomware is also one of today's growing threats. You need a good security suite that can keep the device secure. Always keep a backup of all your crucial data; it greatly helps to guard against data-encryption threats. You should also have your device inspected regularly. Device inspection requires advanced tools that can detect all types of threats on the device. You can get help from 24 Tech Support for device inspection. Regular device checkups ensure that the device is secured against all types of threats.