This Brutal Hacking Tool Could Steal Virtually All Your Connections

A new hacking tool can allegedly bypass all security protections put in place to prevent cyberattacks and gain access to some of the world's most popular websites, reports suggest.

The operator behind the EvilProxy tool claims that it is capable of stealing authentication tokens needed to bypass multi-factor authentication (MFA) systems used by Apple, Google, Facebook, Microsoft, and Twitter.

The service is of particular concern because it promises to make these attacks available to all hackers, even those without the precise skills or knowledge to attack such important targets.

Phishing threat

The tool was discovered by security firm Resecurity, which notes that EvilProxy (also known as Moloch) is a reverse-proxy phishing-as-a-service (PaaS) platform advertised on the dark web.

It offers to steal usernames, passwords, and session cookies, at a cost of €150 for ten days, €250 for 20 days, or €400 for a one-month campaign - although campaigns against Google accounts cost more, at €250, €450 and €600 respectively.

A reverse proxy sits between the user and an online authentication endpoint, such as a login page. EvilProxy lures its victims with phishing messages to a proxied login page that looks legitimate, where they are asked to enter their credentials and MFA code. The proxy forwards this data to the real website, which logs the user in and issues a session cookie containing an authentication token; that cookie is then passed back to the victim.

However, because the reverse proxy sits between the user and the legitimate website, it can capture this cookie and authentication token in transit. Attackers can then present the stolen token to the site and act as the victim, without having to complete the MFA step themselves.
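The replay described above leaves a footprint on the legitimate site: the same session cookie is presented from a second client shortly after it was issued. The following is an added detection example, not code from the article or from Resecurity; the log format, the pipe-separated sample lines and the one-hour window are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib

@dataclass
class Event:
    ts: datetime
    session_id: str
    ip: str
    user_agent: str

# Constructed sample log (not from the article): session a1b2 is issued to a
# Windows/Chrome client and, minutes later, presented from a Linux/Firefox
# client at a different address, as a replayed cookie would be.
SAMPLE_LOG = """\
2024-05-01T09:00:00|a1b2|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T09:00:05|a1b2|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T09:02:30|a1b2|198.51.100.77|Mozilla/5.0 (X11; Linux x86_64) Firefox/125
2024-05-01T09:10:00|c3d4|192.0.2.5|Mozilla/5.0 (Macintosh) Safari/17
"""

def parse_log(text):
    """Parse 'timestamp|session_id|ip|user_agent' lines into Events."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, sid, ip, ua = line.split("|", 3)
            events.append(Event(datetime.fromisoformat(ts), sid, ip, ua))
    return events

def fingerprint(ip, user_agent):
    """Coarse client fingerprint recorded when a session cookie is first used."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()[:16]

def detect_session_reuse(events, window=timedelta(hours=1)):
    """Flag sessions presented from a second client fingerprint within
    `window` of first use. Returns (session_id, seconds_after_first_use, ip)."""
    first_seen, alerts = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        fp = fingerprint(ev.ip, ev.user_agent)
        if ev.session_id not in first_seen:
            first_seen[ev.session_id] = (ev.ts, fp)
        else:
            t0, fp0 = first_seen[ev.session_id]
            if fp != fp0 and ev.ts - t0 <= window:
                alerts.append((ev.session_id, int((ev.ts - t0).total_seconds()), ev.ip))
    return alerts
```

A fingerprint change can also be a VPN hop or a mobile network handover, so an alert like this is better tied to a step-up challenge or session revocation than to a hard block.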

Resecurity notes that aside from the attack itself, which is simpler to carry out than other man-in-the-middle (MITM) attacks, what also sets EvilProxy apart is its user-friendly approach. After purchase, customers receive step-by-step instructional videos and tutorials on how to use the tool, which has a clean graphical interface where users can set up and manage their phishing campaigns.

It also offers a library of ready-made cloned phishing pages for popular Internet services, which, alongside the services named above, include GoDaddy, GitHub, Dropbox, Instagram, Yahoo, and Yandex.

“While the sale of EvilProxy requires verification, cybercriminals now have a cost-effective and scalable solution for performing advanced phishing attacks to compromise consumers of popular MFA-enabled online services,” Resecurity noted.

“The emergence of such services on the dark web will lead to a significant increase in ATO/BEC activity and cyber attacks targeting the identity of end users, where MFA can be easily circumvented using tools like EvilProxy.”

Via BleepingComputer