EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web
released on 2022-09-06 @ 02:03:29 PM
Resecurity has identified a new underground service that allows cybercriminals to bypass 2FA authentication (MFA) authentication mechanisms on a large scale without the need to hack upstream services or the supply chain. EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session