Authentication

A new Phishing-as-a-Service offering called EvilProxy lets its users conduct advanced attacks with extreme ease.
The kit sells for $400 per month and allows users to bypass the two-factor authentication (2FA) of major online services, including Apple, Microsoft, Facebook, Dropbox, Google and Twitter.

The renowned California-based cybersecurity firm Resecurity recently discovered a new PhaaS (Phishing-as-a-Service) under the name EvilProxy.

Such a service allows threat actors to attack, at scale, users who have enabled multi-factor authentication on their accounts, whether with SMS or application tokens, using reverse proxy and cookie injection methods to circumvent that authentication.

How it works

The hacker wishing to carry out an attack accesses a portal hosted on the Tor network. The portal provides tutorials, interactive videos and configuration tips, and an easy-to-use GUI for setting up and running effective phishing campaigns.

As mentioned, EvilProxy uses reverse proxies to collect valid session cookies and so bypass authentication based on usernames, passwords, and 2FA tokens.

In a multi-step process, attackers drive victims to a phishing page and use the reverse proxy to retrieve all the necessary login information.

Possible mitigations

The EvilProxy platform, being easy to set up, puts another cost-effective and scalable means of performing advanced phishing attacks and compromising accounts on popular online services within reach.
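
One check a defender can run against the session-cookie collection and cookie injection described above, as an added example that is not part of the original article: bind each session to the client that completed the login and flag later use of the same session from a different client. The log format, field names and sample events are constructed assumptions.

```python
import json

# Constructed sample events (not real logs). Field names are assumptions.
SAMPLE_LOG = """\
{"event": "login", "user": "alice", "session": "s1", "ip": "198.51.100.7", "ua": "Chrome/105 Windows"}
{"event": "request", "user": "alice", "session": "s1", "ip": "198.51.100.7", "ua": "Chrome/105 Windows"}
{"event": "request", "user": "alice", "session": "s1", "ip": "203.0.113.50", "ua": "Firefox/104 Linux"}
{"event": "request", "user": "alice", "session": "s1", "ip": "203.0.113.50", "ua": "Firefox/104 Linux"}
{"event": "login", "user": "bob", "session": "s2", "ip": "192.0.2.10", "ua": "Safari/15 macOS"}
this line is malformed and must be skipped
{"event": "request", "user": "bob", "session": "s2", "ip": "192.0.2.99", "ua": "Safari/15 macOS"}
"""

def find_replayed_sessions(lines):
    """Flag sessions used by a client other than the one that logged in."""
    issued = {}       # session id -> (ip, ua) that completed login and MFA
    reported = set()  # (session id, client) pairs already alerted on
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate blank or corrupt lines
        if not isinstance(ev, dict):
            continue
        sid = ev.get("session")
        client = (ev.get("ip"), ev.get("ua"))
        if ev.get("event") == "login":
            issued[sid] = client
            continue
        origin = issued.get(sid)
        if ev.get("event") != "request" or origin is None:
            continue  # no login seen for this session in the window
        changed = [n for n, a, b in zip(("ip", "ua"), origin, client) if a != b]
        if changed and (sid, client) not in reported:
            reported.add((sid, client))
            alerts.append({
                "user": ev.get("user"), "session": sid, "changed": changed,
                # IP alone changes on mobile networks; IP plus UA is stronger.
                "severity": "high" if len(changed) == 2 else "low",
            })
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG.splitlines()):
        print(alert)
```

The baseline is whatever client completed the login, so treat an alert as a prompt to re-authenticate or revoke the session rather than as proof of compromise.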