Threat Awareness – Phishing Kits Allow Threat Actors to Bypass MFA

A reverse-proxy Phishing-as-a-Service (PaaS) toolkit, dubbed EvilProxy, is being advertised on cybercriminal marketplaces. EvilProxy provides threat actors with the means to bypass multi-factor authentication (MFA) on Apple, Google, Microsoft, and other prominent web applications. This specific PaaS toolkit utilizes a session hijacking proxy attack, where the threat actor sits in between the user and target website or application and are able to harvest authentication credentials. Like many exploit kits, EvilProxy offers its malicious customers a user-friendly GUI where attackers are provided detailed instructional videos and tutorials and the ability to manage phishing campaigns. This service could enable low-skill attackers the ability to target well defended organizations and potentially cause significant damage or disruption. For mitigation information including IOCs read more at HelpNetSecurity or read more at BleepingComputer.