top of page
Search

EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web

Writer's picture: StormsecStormsec

Resecurity has identified a new underground service that allows cybercriminals to bypass 2FA authentication (MFA) authentication mechanisms on a large scale without the need to hack upstream services or the supply chain. EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session




INDUSTRIES: E-Commerce, Financial


ATT&CK IDS: T1090 - Proxy, T1125 - Video Capture, T1566 - Phishing, T1040 - Network Sniffing


Read More:

7 views

Comments


Commenting has been turned off.
bottom of page