‘EvilProxy’ Helps Bad Actors Break Into Your Accounts

September 11, 2022 / meritsolutions

Your accounts are constantly under attack. Bad actors always look for new ways to break into services such as iCloud, Microsoft, and Facebook. When they don’t know how to do it themselves, they turn to underground experts for help. EvilProxy, a “phishing as a service” toolkit, is just that kind of help.

What is phishing as a service?

Phishing as a service, or PaaS, is a concerning trend in which cybercriminals sell their skills to those looking to get into phishing. Usually, this comes in the form of “toolkits,” which give the user everything they need to execute a successful phishing campaign, including email templates designed to appear to come from legitimate organizations, templates for scam websites to direct victims to, and occasionally even a repository of victims to contact.

PaaS is so elaborate that hackers even include “tech support” to help customers with their phishing needs. Often, those purchasing PaaS resources are new to the world of phishing, and sometimes new to technology as well, so this tech support is “necessary” for them to get off the ground.

EvilProxy

EvilProxy is the latest such toolkit designed to help wannabe scam artists in their phishing endeavors. Specifically, it’s designed to break MFA (multi-factor authentication), which is an important barrier between your accounts and bad actors.

EvilProxy uses “reverse proxy and cookie injection methods to proxify” your web session, creating phishing links cloned from legitimate web pages you would typically visit. These websites include Dropbox, Facebook, GitHub, GoDaddy, Google, iCloud, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex.

When all is said and done, these phony web pages trick you into entering your credentials, including your MFA code, which gives phishers all they need to know to break into your accounts.

For bad actors in the market for a PaaS toolkit, EvilProxy offers subscriptions of 10, 20, or 31 days. It costs $400 a month, paid through the chat app Telegram. That sounds expensive, but according to The Hacker News, Google toolkits cost up to $600 per month.

How to protect yourself against EvilProxy, and other PaaS toolkits

Luckily, following cybersecurity best practices is a strong defense against EvilProxy. EvilProxy only works when bad actors are able to trick you into entering your information into fake webpages. Anytime you sign into an account, whether that be Instagram, iCloud, or Microsoft, ensure the webpage is legitimate. If in doubt, open the webpage manually in an incognito window, or in another browser entirely.

Never enter your username, password, or MFA code (especially your MFA code) onto a website unless you are sure you are visiting a legitimate page. MFA codes are not easy for bad actors to obtain, so tricking you into handing them over yourself is really their only weapon.
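
One way to automate the "is this page legitimate" check, as an added example that is not part of the original article: a reverse proxy relays the real sign-in page, so the page content looks right and the hostname is the signal to verify. The allowlist, brand keywords, function name and sample URLs are assumptions constructed for illustration.

```javascript
// Assumed allowlist: the exact sign-in hosts this user relies on (illustrative).
const KNOWN_SIGNIN_HOSTS = new Set([
  "accounts.google.com",
  "login.microsoftonline.com",
  "github.com",
  "www.icloud.com",
]);

// Brand keywords drawn from the services the article lists.
const BRANDS = ["google", "microsoft", "github", "icloud", "dropbox", "facebook"];

// Returns { ok, reason, host } for a URL the user is about to sign in on.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Only the parsed host matters: text before "@" is userinfo, not the site.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (KNOWN_SIGNIN_HOSTS.has(host)) return { ok: true, reason: "known-host", host };
  // Internationalized labels arrive as punycode and can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-lookalike", host };
  }
  // A brand name inside an unknown host is the classic lookalike pattern.
  if (BRANDS.some((b) => host.includes(b))) {
    return { ok: false, reason: "brand-on-unknown-host", host };
  }
  return { ok: false, reason: "unknown-host", host };
}

// Constructed sample URLs (not real indicators).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "https://login.microsoftonline.com.portal-auth.example/common/oauth2",
  "https://accounts.google.com@signin.example/",
  "http://github.com/login",
];
for (const s of SAMPLES) console.log(checkSignInUrl(s).reason.padEnd(22), s);
```

The match is on the exact host rather than a substring, which is why the second and third samples fail even though a legitimate name appears in them.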

Photo by Mika Baumeister on Unsplash
