#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

EvilProxy | Breaking Cybersecurity News | The Hacker News

Category — EvilProxy
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Mar 07, 2024 Malware / Network Security
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. "The threat actor is distributing Remote Access Trojans (RATs) including  SpyNote RAT  for Android platforms, and  NjRAT  and  DCRat  for Windows systems," Zscaler ThreatLabz researchers  said . The spoofed sites are in Russian and are hosted on domains that closely resemble their legitimate counterparts, indicating that the attackers are using typosquatting tricks to lure prospective victims into downloading the malware. They also come with options to download the app for Android, iOS, and Windows platforms. While clicking on the button for Android downloads an APK file, clicking on the Windows app button triggers the download of a batch script. The malicious batch script is responsible for executing a PowerShell script, ...
Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Oct 09, 2023 Credential Harvesting / Hacking
Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named  EvilProxy  to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and real estate, and manufacturing sectors. "The threat actors leveraged an open redirection vulnerability on the job search platform 'indeed.com,'redirecting victims to malicious phishing pages impersonating Microsoft," security researcher Ravisankar Ramprasad  said  in a report published last week. EvilProxy , first documented by Resecurity in September 2022, functions as a reverse proxy that's set up between the target and a legitimate login page to intercept credentials, two-factor authentication (2FA) codes, and session cookies to hijack accounts of interest. The th...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Jan 14, 2025SaaS Security / Generative AI
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers. So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. ‍ 1. Modern work runs on SaaS. When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone.  Outside of ...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Aug 10, 2023 Cyber Threat / Online Security
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March and June 2023. Nearly 39% of the hundreds of compromised users are said to be C-level executives, including CEOs (9%) and CFOs (17%). The attacks have also singled out personnel with access to financial assets or sensitive information. At least 35% of all compromised users had additional account protections enabled. The campaigns are seen as a response to the increased adoption of multi-factor authentication (MFA) in enterprises, prompting threat actors to evolve their tactics to bypass new security layers by incorporating adversary-in-the-middle ( AitM ) phishing kits to ...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

Sep 06, 2022
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers  said  in a Monday write-up. The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. EvilProxy is similar to adversary-in-the-middle ( AiTM ) attacks in that users interact with a malicious proxy server that acts as a go-between for the target website, covertly harvesting the credentials and 2FA passcodes entered in the login pages. It's offered on a subscription basis per service...
Expert Insights / Articles Videos
Cybersecurity Resources