This Homemade Hack Tool Can Steal Nearly All Your Credentials

It’s called EvilProxy, and its sellers claim it can bypass the security measures designed to stop account takeover. This hacking tool, which recently entered the big leagues, is designed to make it easier to break into accounts on the most popular online sites and services without holding the victim's credentials beforehand.

The operators of this service claim to be able to steal the authentication tokens needed to bypass the multi-factor authentication (MFA) systems used by companies such as Apple, Google, Facebook, Microsoft and Twitter.

This tool is of particular concern as it proves to be easy to use, including for novice hackers who do not have the skills or precise knowledge required to attack such important targets.

EvilProxy was discovered by security company Resecurity, which describes the tool (also known as Moloch) as a reverse proxy phishing-as-a-service (PaaS) platform that is heavily advertised across the dark web.

It offers to steal usernames, passwords, and session cookies at a cost of $150 for ten days of use, $250 for 20 days, or $400 for a monthly subscription.

A reverse proxy sits between the victim and the legitimate website's login form. EvilProxy deceives its victims by using honeypots: lure links that direct them to a proxied copy of the genuine login page, where they are asked to enter their login details and complete authentication. The proxy forwards this data to the legitimate website, which logs the user in and creates a session cookie containing an authentication token, which is then relayed back to the victim.

However, this cookie and authentication token can then be intercepted by a reverse proxy, which, as noted, sits between the user and the legitimate website. The hackers can then use this token to enter the site, impersonating their victim, without having to re-enter the details of the multi-factor authentication process.
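One defensive check that follows from this flow, added here as an example over a constructed log (it is not the article's or Resecurity's code): because the stolen token is presented from a client other than the one the site issued it to, a server can flag session ids that reappear from a new IP address or user agent shortly after login.

```python
"""Flag session tokens that are replayed from a client other than the one
that obtained them, the pattern a reverse-proxy phishing kit leaves behind
when it relays a login and the issued cookie is later reused elsewhere.

Added example; the log format below is constructed for illustration and is
not EvilProxy output or Resecurity data.
"""
from collections import defaultdict

# Constructed sample log: (timestamp_s, event, session_id, client_ip, user_agent)
SAMPLE_LOG = [
    (100, "login_ok", "sess-A1", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/105"),
    (130, "request",  "sess-A1", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/105"),
    (170, "request",  "sess-A1", "198.51.100.7", "python-requests/2.28"),
    (200, "login_ok", "sess-B2", "192.0.2.44",   "Mozilla/5.0 (Macintosh) Safari/605"),
    (260, "request",  "sess-B2", "192.0.2.44",   "Mozilla/5.0 (Macintosh) Safari/605"),
]


def find_replayed_sessions(log, window_s=3600):
    """Return {session_id: [(ts, ip, ua), ...]} for sessions whose token is
    later presented from a different IP or user agent than the client that
    completed the login. window_s bounds how long after login we look, so
    a legitimate roaming user hours later is not reported by this rule."""
    issued = {}                      # session_id -> (ts, ip, ua) at login
    hits = defaultdict(list)
    for ts, event, sid, ip, ua in sorted(log):
        if event == "login_ok":
            issued[sid] = (ts, ip, ua)
            continue
        if sid not in issued:
            continue                 # token we never saw issued; out of scope
        t0, ip0, ua0 = issued[sid]
        if ts - t0 > window_s:
            continue
        if ip != ip0 or ua != ua0:
            hits[sid].append((ts, ip, ua))
    return dict(hits)


if __name__ == "__main__":
    for sid, uses in find_replayed_sessions(SAMPLE_LOG).items():
        print(f"possible token replay on {sid}: {uses}")
```

Note that with a reverse proxy in the path, the "client" that completed the login is the proxy itself, so the mismatch appears when the attacker imports the cookie into their own browser.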

Resecurity notes that, in addition to the sophistication of the attack itself, which is easier to deploy than other man-in-the-middle (MITM) attacks, EvilProxy takes a user-friendly approach. Upon purchase, customers receive training videos and detailed guides on how to use the tool, which has a clean, straightforward GUI for its “customers” to set up and manage their phishing campaigns.

It also offers a library of cloned phishing pages of popular online services that, in addition to the names mentioned above, copy brands such as GitHub, Dropbox, Instagram, and Yahoo.

“Renting EvilProxy allows you to quickly learn, after which cybercriminals receive a cost-effective and scalable solution for conducting advanced phishing campaigns aimed at compromising users of popular online services that have multi-factor authentication enabled,” Resecurity clarifies.

Via BleepingComputer
