EvilProxy : l’outil pour pirater la double authentification

EvilProxy: The tool to hack double authentication

In order to connect to services of the likes of Gmail, Facebook, Microsoft or Google Docs, it is highly recommended to manually activate two-factor authentication – also known as double authentication – a real guarantee of security. The principle is simple: in addition to the usual username and password, the user must provide a second code to prove that it is actually him. This usually involves entering a code sent to the mobile number via SMS or using an application or authentication service. So if a malicious person tries to access the account using the username and password, an extra step is required before submitting the data. In short, very handy in case of phishing!

The problem is that hackers are constantly innovating their techniques and developing new strategies. The latest: the EvilProxy service – also known as Moloch – that automates phishing attacks and bypasses accounts protected by two-factor authentication on the most popular websites and online services such as Apple, Google, Microsoft, WordPress, LinkedIn or Twitter. EvilProxy is even more concerning as advertisements for this service abound on major hacker forums and are aimed at novice hackers who therefore do not have sufficient skills or knowledge to fight such giant hackers. This discovery by security researchers at Resecurity coincides with the increase in attacks on online services and double authentication mechanisms.

An all-in-one hacking platform

The first mention of EvilProxy was spotted in May 2022, and its popularity has only increased since then. One of the reasons is that it is very easy to use, even for novice hackers. Just choose the type of account to attack – Google, Meta, Yahoo, Dropbox… – via a subscription: $150 for 10 days, $250 for 20 days and $400 for 31 days paid through Telegram. Note that attacks on Google are more expensive, costing up to $600. The malicious client then configures and manages its phishing campaigns from the platform, while EvilProxy takes care of setting up the entire attack infrastructure and creating very faithfully reproduced fake login pages.

They also play a central role in the company. It all starts with a classic phishing campaign: The hacker pretends to be the target service – i.e. Facebook, Google and Co. – and contacts his victim via email, SMS, instant messaging or social networks with a message that contains a fraudulent link . The victim clicks on it and is redirected to a fake login page that asks them to enter their credentials. And this is where EvilProxy gets smart! The fake site is a proxy server that acts as an intermediary between the victim and the target site, collecting all identifying information in the process. When the person enters their credentials, the proxy transfers the information to the legitimate website. This sends the duplicate identification request back to the proxy… which in turn is sent to the victim. This sends the double identification code to the proxy, which then transmits it to the website, which sends access to the account back to the proxy. In short, EvilProxy plays the role of a hidden intermediary.

Within reach of all hackers

Unlike other such attacks – known as man-in-the-middle (MITM) attacks – EvilProxy offers an accessible and even user-friendly approach. Once subscribed to the service, hackers will receive instructional videos and detailed tutorials on how to use the tool. The user interface is clean and allows you to easily configure your campaigns. “Leasing EvilProxy is a fast learner, then cybercriminals have a cost-effective and scalable solution to run advanced phishing campaigns aimed at compromising consumers of popular online services with multi-factor authentication enabled,” says Resecurity. This demonstrates, much to the chagrin of netizens, the improvement in the arsenals available to hackers and the sophistication of their campaigns.

Sources: writing and web

In order to connect to services of the likes of Gmail, Facebook, Microsoft or Google Docs, it is highly recommended to manually activate two-factor authentication – also known as double authentication – a real guarantee of security. The principle is simple: in addition to the usual username and password, the user must enter a second code…


#EvilProxy #tool #hack #double #authentication

Leave a Comment

Your email address will not be published.