Thousands of phishing toolkits have been identified that can intercept 2FA security codes and bypass security, according to a team of researchers. Hackers can intercept 2FA verification processes using a variety of phishing techniques.
The rise of phishing toolkits
In recent years, man-in-the-middle (MitM) phishing toolkits have grown in popularity.
Over 1,200 toolkits were discovered to be in use, according to the researchers. The rise in popularity appears to be related to IT companies making 2FA the default security option.
New tools are being used by attackers to steal users’ authentication cookies, which are files created in a web browser whenever a person registers into an account after completing the two-factor authentication process.
The attackers utilised a form of infostealer to steal authentication cookie files from machines in the majority of cases.
Another method, known as MitM, involves intercepting authentication cookies as they travel from the service provider to the user’s device. This does not necessitate the use of malware to infect a machine.
According to reports, attackers are steadily improving their previous phishing toolkits to include a wider range of approaches.
MitM vs. real-time phishing
- When a user interacts with a phishing site, real-time phishing occurs when an operator sits in front of a web panel. When it’s time to enter 2FA codes, threat actors send the user an email, SMS, or authenticator app asking for the actual 2FA code.
- Hackers steal the 2FA token and use it on the genuine site, creating an unofficial but legal link between their system and the victim’s account.
- Because user login sessions tend to run out of time rapidly and every re-authentication attempt demands a new 2FA code, real-time hacking is ideal for breaking into online banking services.
- However, when users are given more lenient regulations about user login sessions, everything changes. In these situations, MitM phishing assaults are appropriate.
- Phishing kits are used by hackers to relay traffic between a phishing site, the victim, and a legitimate service.
Furthermore, the majority of these MitM phishing toolkits in use by attackers are based on security researcher-created tools such as Evilginx, Modlishka, and Muraena.
Phishing toolkits are becoming more widely used and popular among cybercriminals. These toolkits are simple to use, and the most of them are free. Vulnerable enterprises, on the other hand, can employ a reverse proxy and a tool called PHOCA to identify a phishing site.