EvilProxy – Phishing-As-A-Service Advertise Via Darkweb to Bypass 2FA

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing
Recently, a PaaS (Phishing-as-a-Service) platform called EvilProxy that offers reverse-proxy services has emerged on the market and was identified by the Resecurity security firm.

By exploiting this new emerging service the threat actors can bypass the MFA on the following platforms with the help of stolen authentication tokens:-

  • Apple
  • Google
  • Facebook
  • Microsoft
  • Twitter
  • GitHub
  • GoDaddy
  • PyPI

Technical Analysis

Online accounts that are well-protected can be accessed by novice threat actors using this service. During reverse proxy attacks, servers are positioned between a legitimate authentication endpoint and the targeted victim.

Reverse proxy servers display the authentic login forms in response to phishing attacks, forward requests, and return responses from the company’s servers when a victim connects to a phishing page.

In some cases, actors are using their own custom tools that are tailored to their needs. As for the rest of them, they are using kits that can be deployed much more quickly, such as:-

  • Modlishka
  • Necrobrowser
  • Evilginx2


In addition to offering a highly user-friendly GUI, EvilProxy also offers a range of features that assist threat actors in setting up and managing phishing campaigns and their detailed techniques.

In order to take advantage of the service, the user will have to pay the following prices for the opportunity to steal usernames, passwords, and session cookies. Here below we have mentioned the price list:-

  • $150: 10 days
  • $250: 20 days
  • $400: Month-long campaign

As for the costs associated with the attacks against Google accounts, they were higher, and here we have listed the price below:-

  • $250
  • $450
  • $600

On various clearnet and dark web hacking forums, the operators are actively promoting this service to potential customers. It is likely that some of the prospective buyers will be rejected by the operators because they vet the clients.

There is an individual payment arrangement for the service on Telegram that must be made in advance. The customer will have access to the TOR hosted portal after making a payment through the payment gateway.

There are several tutorials and interactive videos on the portal of EvilProxy that cover a wide range of topics regarding the setup and use of the EvilProxy service.

By using platforms such as EvilProxy and other similar platforms, low-skilled threat actors are able to steal valuable accounts with a cost-efficient method. This is a good example of bridging the skills gap through services like this.