Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.

EvilProxy allows threat actors to conduct adversary-in-the-middle (AitM) attacks by “harvesting session cookies enabling threat actors to bypass MFA protections.”

The phishing campaign exploited an open-redirect vulnerability affecting the job listing site Indeed. This allowed the attackers to craft a phishing link that appeared to lead to Indeed’s legitimate website, but redirected to a spoofed Microsoft login page. The attack chain is as follows:

  • “Victim receives the phishing mail containing the Indeed link.”
  • “The unsuspecting victim clicks on the Indeed link inside the mail which redirects the victim to the fake Microsoft login page.”
  • “This phishing page is deployed with the help of the EvilProxy phishing framework fetching all the content dynamically from the legitimate login site.”
  • “The phishing site acts as a reverse proxy, proxying the request to the actual website.”
  • “The attacker intercepts the legitimate server’s requests & responses.”
  • “The attacker is able to steal the session cookies.”
  • “The stolen cookies can then be used to login to the legitimate Microsoft Online site, impersonating the victims & bypassing non-phishing resistant MFA.”
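The first step of this chain depends on a link whose visible host is a trusted site while a query parameter carries the real destination. The following check for that pattern is an added example for mail triage, not code from Menlo Security or KnowBe4. The trusted-site list, the sample links and their paths and parameter names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: sites the mail filter treats as trusted (the article names Indeed).
TRUSTED_SITES = ("indeed.com",)

def host_of(url):
    """Lowercased hostname of an absolute or scheme-relative http(s) URL, else None."""
    url = url.strip()
    try:
        parts = urlsplit("https:" + url if url.startswith("//") else url)
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower().rstrip(".")
    return None

def same_site(host, site):
    """True for the site itself or any subdomain, but not for look-alike suffixes."""
    return host == site or host.endswith("." + site)

def embedded_targets(url, max_decode=3):
    """Yield (param, host) for each query value that decodes to an absolute URL."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl already decoded once; decode further to catch double encoding.
        for _ in range(max_decode):
            host = host_of(value)
            if host:
                yield name, host
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded

def flag_redirect(url):
    """Finding dict if a trusted-site link carries an off-site URL, else None."""
    outer = host_of(url)
    site = next((s for s in TRUSTED_SITES if outer and same_site(outer, s)), None)
    if site is None:
        return None
    for param, inner in embedded_targets(url):
        if not same_site(inner, site):
            return {"link_host": outer, "param": param, "target_host": inner}
    return None

# Constructed links, not campaign indicators; paths and parameter names are made up.
SAMPLES = [
    "https://www.indeed.com/r?target=https%3A%2F%2Flogin.phish.test%2Fo365",
    "https://www.indeed.com/jobs?q=cfo&next=https%253A%252F%252Fphish.test%252F",
    "https://www.indeed.com/viewjob?from=https%3A%2F%2Fwww.indeed.com%2F",
]
```

A hit only means the link can leave the trusted site; it is a signal for quarantine or analyst review rather than proof of phishing, since legitimate tracking links use the same shape.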

Menlo Security expects to see an increase in the use of EvilProxy to launch these types of attacks.

“Account compromise only forms the preliminary stages of an attack chain that could possibly end up in a Business Email Compromise where the potential impact could range from identity theft, intellectual property theft and massive financial losses,” the researchers write.

“There is a high probability that we can see a surge in the usage of ‘EvilProxy’. Firstly, it is easy to use with a simple interface with tutorials and documentation easily available on the dark web. The ability to circumvent MFA makes this a powerful tool in the arsenal for cybercriminals.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Menlo Security has the story.
