
EvilProxy, a new Phishing-as-a-Service, has appeared on the Dark Web

In the aftermath of the recent Twilio hack that led to the disclosure of 2FA (OTP) codes, cybercriminals are continuing to enhance their attack tools to prepare complex phishing campaigns that are targeted at people all over the world.

A brand-new Phishing-as-a-Service (PhaaS) called EvilProxy was recently uncovered by Resecurity and was being advertised on the Dark Web. Other sources claim that Moloch, a different name for the attacker, is tied to a phishing toolkit developed by several well-known underground players who have previously targeted financial institutions and the e-commerce sector.

Although the Twilio incident relates only to the supply chain, a productized underground service like EvilProxy enables threat actors to attack users with MFA enabled on the widest scale without having to compromise upstream services, while attacks against downstream targets are an inevitable result of cybersecurity vulnerabilities.

EvilProxy actors use reverse proxy and cookie injection techniques to bypass 2FA by proxying the victim's session. This highlights how significant the rise in attacks on online services and MFA authorization procedures has become. Such tactics were previously used in targeted operations by APT and cyberespionage groups, but they have now been successfully monetized by EvilProxy.
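A defender-side illustration of the session proxying described above (an added example, not code from Resecurity or the original article): a session cookie captured through a proxy is later presented by a client other than the one that completed MFA, so comparing each request's client context with the context recorded at issuance surfaces the reuse. The log schema, field names and sample events are constructed assumptions.

```python
import json

# Constructed sample events; the field names are assumptions, not a real log schema.
SAMPLE_LOG = """
{"ts": 100, "event": "mfa_success", "session": "s1", "user": "alice", "ip": "198.51.100.7", "ua": "Firefox/104 Linux"}
{"ts": 160, "event": "request", "session": "s1", "user": "alice", "ip": "198.51.100.7", "ua": "Firefox/104 Linux"}
{"ts": 200, "event": "mfa_success", "session": "s2", "user": "bob", "ip": "203.0.113.20", "ua": "Chrome/104 Windows"}
{"ts": 260, "event": "request", "session": "s2", "user": "bob", "ip": "192.0.2.55", "ua": "Chrome/103 macOS"}
{"ts": 270, "event": "request", "session": "s2", "user": "bob", "ip": "192.0.2.55", "ua": "Chrome/103 macOS"}
{"ts": 300, "event": "request", "session": "s9", "user": "carol", "ip": "192.0.2.77", "ua": "Safari/15 macOS"}
"""

def find_session_replay(log_text):
    """Return one finding per (session, client context) that differs from issuance."""
    issued = {}       # session id -> (ip, ua) recorded when MFA completed
    reported = set()  # avoid repeating the same alert for every request
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        sid, ctx = ev.get("session"), (ev.get("ip"), ev.get("ua"))
        if ev.get("event") == "mfa_success":
            issued[sid] = ctx
            continue
        if ev.get("event") != "request" or (sid, ctx) in reported:
            continue
        if sid not in issued:
            reason = "no_issuance_record"  # cookie in use with no MFA event on file
        else:
            changed = [name for name, old, new in
                       zip(("ip", "ua"), issued[sid], ctx) if old != new]
            if not changed:
                continue
            reason = "changed:" + ",".join(changed)
        reported.add((sid, ctx))
        findings.append({"session": sid, "user": ev.get("user"),
                         "ts": ev.get("ts"), "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_session_replay(SAMPLE_LOG):
        print(f)
```

An IP change on its own also occurs when a legitimate user roams between networks, so findings of this kind are usually triaged alongside other signals before a session is revoked.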

From its ongoing investigation into attacks against numerous people from Fortune 500 companies, Resecurity learned a great deal about EvilProxy, including its structure, modules, functionality, and the network infrastructure used to carry out malicious actions. The first reports of EvilProxy were linked to attacks on Google and Microsoft users who have MFA enabled on their accounts, either through SMS or application tokens.

Early in May 2022, the developers of EvilProxy released a video demonstrating how it could be used to send out sophisticated phishing links meant to compromise user accounts for well-known companies like Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others.

 
