#EvilProxy

John Leonard johnleonard
2025-03-19

Phishing-as-a-service is an area that is increasing rapidly according to research by security vendor Barracuda Networks, which says it has detected a “massive spike” in PhaaS attacks in the first two months of this year.

computing.co.uk/news/2025/secu

2025-02-06

Account Compromise Arms Race: The Rise of Phishing-as-a-Service
#EvilProxy #ONNXStore
abnormalsecurity.com/blog/acco

🚨 ALERT: Fake #YouTube links redirect to #phishing pages
Using the Uniform Resource Identifier authority (URI), phishers obfuscate links and place a legitimate resource address, like http://youtube, at the beginning of URLs to deceive users and make the link appear authentic and safe.

📌 The attackers are also abusing other services. We’ll keep monitoring and sharing the details with you, so your company can make effective decisions to address the threat.

Take a look at the example and gather #IOCs:
app.any.run/tasks/ace1b2b4-1c1

👨‍💻 Use this search request to find more sandbox sessions and improve the precision and efficiency of your organization's security response:
intelligence.any.run/analysis/

Technically, the URI Scheme replaces the userinfo field (user:pass) with a domain name: foo:// <user:pass> @ domain . zone

📝 Attributes
#Storm1747 domain infrastructure — checkers, redirectors and main pages — has a standard template for #Tycoon 2FA #phishkit installed.
The technique of replacing userinfo is also employed by various other phishing kits, such as #Mamba 2FA and #EvilProxy.

🚀 Analyze and investigate the latest #malware and phishing threats with ANYRUN
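
A detection sketch for the userinfo trick described in the post above, as an added example that is not part of the original posts: it flags http(s) URLs whose userinfo field reads like a hostname while the request actually goes to a different host. The function names, the sample message and the example.* destination hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A token that reads like a hostname: dot-separated labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)

def classify(url):
    """Return (verdict, shown_host, real_host) for one URL.

    verdict is "clean" (no userinfo), "credentials" (userinfo that does not
    look like a host) or "host-lookalike" (userinfo imitates a hostname).
    """
    parts = urlsplit(url)
    real = parts.hostname  # the host the client really connects to
    if parts.username is None:
        return ("clean", None, real)
    # A percent-encoded slash can make the userinfo read like "host/path";
    # decode it, then keep only what a reader would take as the host.
    shown = unquote(parts.username).split("/")[0].lower()
    if HOSTLIKE.match(shown) and shown != real:
        return ("host-lookalike", shown, real)
    return ("credentials", None, real)

def scan(text):
    """Return the host-lookalike findings for every http(s) URL in text."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,)")
        try:
            verdict, shown, real = classify(url)
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        if verdict == "host-lookalike":
            findings.append({"url": url, "shown_host": shown, "real_host": real})
    return findings

# Constructed sample message; the destination hosts are reserved example names.
SAMPLE = """\
Watch: https://www.youtube.com@video-check.example.net/watch?v=1
Docs: https://www.example.org/help
Mirror: http://youtube.com%2Fwatch:x@cdn.example.com/a
FTP-style creds: https://alice:s3cret@intranet.example.org/
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f['shown_host']} shown, but request goes to {f['real_host']}: {f['url']}")
```

Ordinary `user:pass@host` credentials are reported as "credentials" rather than flagged, so a mail or proxy filter can treat the two cases differently.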

Techy Geek techygeek@infosec.exchange
2023-10-12

Cybercriminals are using a new phishing technique called "EvilProxy" to steal your personal information! Stay safe online.

thehackernews.com/2023/10/cybe

#cybersecurity #phishing #EvilProxy #cybercrime

2023-10-11

This (or something similar) overlaid on your Tenancy Background image might help against #EvilProxy pages

medium.com/@martinconnarty/adv

Phishing warning image that is an overlay for Azure tenancy backgrounds

"STOP!! If the URL doesn't start "login.microsoft.online.com/" Then you may be being phished"

2023-10-10

EvilProxy, which was first documented by Resecurity in September 2022, acts as a reverse proxy between the target and a legitimate login page.

#Cybersecurity #ATM #Phishing #Cyberthreat #USA #EvilProxy

cybersec84.wordpress.com/2023/

Malwar3Ninja | Threatview.io Malwar3Ninja@infosec.exchange
2023-08-14

[Threatview.io] Check out our latest collection of IOCs for "SUSPECTED" #Evilproxy domains on #virustotal identified using our proactive hunter's domain telemetry.

virustotal.com/gui/collection/

#phishing
#malware
#threatintel

chris actuallackattack
2023-02-10

@evaristegal0is strikes again. Script kiddies are running wild with this lately.

2023-01-24

From the #EvilProxy Telegram channel:
It appears they're using auth.acme-dns.io/ as their way of generating subdomains.
"Hi friends, we have problem with add new domains in system bcs 3party website is down (auth.acme-dns.io) if some one has info what's wrong with it share pls. we are looking for tmp solution."

As of now the site is still down. Returning 404. @DomainTools shows a pDNS record from the acme resolved IP that uses the same subdomain pattern seen in EvilProxy phishing campaigns.

#ThreatIntel #ThreatHunting #DNS #OSINT

Malwar3Ninja | Threatview.io Malwar3Ninja@infosec.exchange
2023-01-21

[Threatview.io] ⚡ Latest collection of #evilproxy domains on #virustotal as seen from our proactive hunter domain telemetry 👇

virustotal.com/gui/collection/1906094a8c4a7a9e55b5fecaecda9c68b2f7a2986db9d04c60236a0de92f8099

#Threatintel
#CTI
#Phishing
#DFIR
#cybersecurity
