New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2 Factor Security


The criminal underworld is promoting a new phishing-as-a-service (PhaaS) toolkit called EvilProxy as a way for threat actors to get beyond the two-factor authentication (2FA) safeguards put in place against internet services.

The software creates phishing links, which are merely cloned pages intended to hijack user accounts with a variety of services, including Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. Read More…