    Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

    By justmattg | October 9, 2023

    Oct 09, 2023NewsroomCredential Harvesting / Hacking

    Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks.

    Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and real estate, and manufacturing sectors.

    “The threat actors leveraged an open redirection vulnerability on the job search platform ‘indeed.com,’ redirecting victims to malicious phishing pages impersonating Microsoft,” security researcher Ravisankar Ramprasad said in a report published last week.

    EvilProxy, first documented by Resecurity in September 2022, functions as a reverse proxy that’s set up between the target and a legitimate login page to intercept credentials, two-factor authentication (2FA) codes, and session cookies to hijack accounts of interest.

    The threat actors behind the AiTM phishing kit are tracked by Microsoft under the moniker Storm-0835 and are estimated to have hundreds of customers.

    “These cyber criminals pay monthly license fees ranging from $200 to $1,000 USD and carry out daily phishing campaigns,” the tech giant said. “Because so many threat actors use these services, it is impractical to attribute campaigns to specific actors.”

    In the latest set of attacks documented by Menlo Security, victims are sent phishing emails with a deceptive link pointing to Indeed, which, in turn, redirects the individual to an EvilProxy page to harvest the credentials entered.

    This is accomplished by taking advantage of an open redirect flaw, which occurs when a failure to validate user input causes a vulnerable website to redirect users to arbitrary web pages, bypassing security guardrails.

    “The subdomain ‘t.indeed.com’ is supplied with parameters to redirect the client to another target (example.com),” Ramprasad said.

    “The parameters in the URL that follow the ‘?’ are a combination of parameters unique to indeed.com and the target parameter whose argument consists of the destination URL. Hence the user upon clicking the URL ends up getting redirected to example.com. In an actual attack, the user would be redirected to a phishing page.”
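
The redirect pattern described above can be checked for on the defensive side, for example in a mail gateway or link-inspection job. The following is an added example, not code from Menlo Security's report or from this article: it flags links whose query parameters carry a destination URL on a different site than the link itself, including double-encoded and scheme-relative destinations. The function names, the parameter names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _url_host(value):
    """Host of an absolute or scheme-relative http(s) URL, else None."""
    value = value.strip().replace("\\", "/")   # browsers treat "\" like "/"
    if value.startswith("//"):                 # scheme-relative is still off-site
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:                         # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _same_site(a, b):
    # Simplification: equal hosts or parent/child only, no public-suffix list,
    # so sibling subdomains are reported as off-site.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def offsite_redirect_params(link, extra_decodes=2):
    """Return (parameter, destination_host) pairs for query parameters of
    `link` whose value is a URL on a different site than the link itself."""
    outer = urlsplit(link)
    link_host = (outer.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        for _ in range(extra_decodes + 1):     # parse_qsl already decoded once
            dest = _url_host(value)
            if dest:
                if not _same_site(dest, link_host):
                    findings.append((name, dest))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return findings

# Constructed sample links; the parameter names and values are made up.
SAMPLES = [
    "https://t.indeed.com/r?id=CONSTRUCTED&target=https://example.com",
    "https://t.indeed.com/r?target=https%253A%252F%252Fexample.com%252Flogin",
    "https://t.indeed.com/r?target=//example.com",
    "https://t.indeed.com/r?target=https://indeed.com/jobs",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(offsite_redirect_params(s) or "no off-site destination", s)
```

A hit is a signal for further inspection rather than a verdict, since many legitimate tracking links also redirect off-site.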

    The development arrives as threat actors are leveraging Dropbox to create fake login pages with embedded URLs that, when clicked, redirect users to bogus sites that are designed to steal Microsoft account credentials as part of a business email compromise (BEC) scheme.

    “It’s yet another example of how hackers are utilizing legitimate services in what we call BEC 3.0 attacks,” Check Point said. “These attacks are incredibly difficult to stop and identify, for both security services and end users.”

    Microsoft, in its Digital Defense Report, noted how “threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks” by abusing cloud-based infrastructure and exploiting trusted business relationships.

    It also comes as the Police Service of Northern Ireland warned of an uptick in qishing emails, which involve sending an email with a PDF document or a PNG image file containing a QR code in an attempt to sidestep detection and trick victims into visiting malicious sites and credential harvesting pages.
