Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)


Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool, called Evilginx, is being used to bypass multi-factor authentication (MFA) in attacks targeting major email providers like Gmail, Outlook, and Yahoo.

Evilginx operates as a man-in-the-middle proxy, intercepting and manipulating traffic between users and legitimate websites. This allows attackers to steal login credentials, session cookies, and other sensitive information, even when MFA is in place.

The tool is typically used in attacker-in-the-middle (AiTM) phishing campaigns. In these attacks, cybercriminals set up fake websites mirroring legitimate ones. When users enter their login information and MFA token, Evilginx captures this data and forwards it to the real site in real time.

What makes Evilginx particularly dangerous is its ability to capture session cookies. These cookies validate a user’s session after MFA is completed, allowing attackers to bypass the extra security step entirely.
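Because the stolen cookie is a valid, post-MFA session, the point where a defender can still notice the attack is when that session is replayed from somewhere it was not issued. The following is an added illustration (not code from Abnormal Security, from the Evilginx project, or from any email provider) of a simple detection: it parses a constructed authentication log, remembers the IP address and user agent that each session id was issued to at login, and flags the same session id appearing shortly afterwards from a different IP or user agent. The log format, field names and sample values are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not from any real system). Fields: timestamp,
# event kind, user, session id, client IP, user agent. Line 3 shows the
# pattern a replayed session cookie would leave: alice's session id, issued
# to a Firefox client at 203.0.113.5, is presented minutes later from a
# different address and browser.
SAMPLE_LOG = [
    "2024-05-01T09:00:00Z login   user=alice sid=s-111 ip=203.0.113.5   ua=Firefox/125",
    "2024-05-01T09:02:10Z request user=alice sid=s-111 ip=203.0.113.5   ua=Firefox/125",
    "2024-05-01T09:05:30Z request user=alice sid=s-111 ip=198.51.100.77 ua=Chrome/124",
    "2024-05-01T09:10:00Z login   user=bob   sid=s-222 ip=192.0.2.9     ua=Safari/17",
    "2024-05-01T09:11:00Z request user=bob   sid=s-222 ip=192.0.2.9     ua=Safari/17",
]

# Assumed log layout: "<ts> <kind> user=<u> sid=<s> ip=<ip> ua=<ua>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<kind>\w+)\s+user=(?P<user>\S+)\s+sid=(?P<sid>\S+)"
    r"\s+ip=(?P<ip>\S+)\s+ua=(?P<ua>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str
    user: str
    sid: str
    ip: str
    ua: str


def parse_line(line: str) -> Event:
    """Parse one log line into an Event; raises on lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m["kind"], m["user"], m["sid"], m["ip"], m["ua"])


def find_session_replays(lines, window=timedelta(hours=1)):
    """Return alerts for session ids that were issued at login from one
    IP/user agent and are presented within `window` from a different one."""
    issued = {}   # session id -> the login Event that created it
    alerts = []
    for ev in sorted(map(parse_line, lines), key=lambda e: e.ts):
        if ev.kind == "login":
            issued[ev.sid] = ev
            continue
        first = issued.get(ev.sid)
        # Sessions whose login is outside the window (or not in the log at all)
        # are out of scope for this check.
        if first is None or ev.ts - first.ts > window:
            continue
        changed = []
        if ev.ip != first.ip:
            changed.append("ip")
        if ev.ua != first.ua:
            changed.append("user_agent")
        if changed:
            alerts.append({
                "user": ev.user,
                "sid": ev.sid,
                "login_ip": first.ip,
                "seen_ip": ev.ip,
                "changed": changed,
                "at": ev.ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the check reports one alert: alice's session `s-111` presented from `198.51.100.77` with both the IP and the user agent changed. An IP change on its own is a weak signal (mobile users change addresses routinely), so in practice this kind of rule is tuned on the combination of attributes and the time gap, and it complements rather than replaces binding the session to the device so a copied cookie is not usable elsewhere.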

The open-source nature of Evilginx has contributed to its popularity among cybercriminals. Some are even offering it as a service to others who lack the technical skills to configure it themselves.

One notable user of Evilginx is the Star Blizzard APT group, linked to Russia’s Federal Security Service. They’ve employed the tool in spear-phishing campaigns targeting high-profile individuals and organizations.

Cybersecurity experts warn that traditional defences, including basic MFA, may no longer be sufficient against these sophisticated phishing threats. Not surprisingly, Abnormal Security's post recommends its AI-powered solutions, which it says can detect and block these attacks before they reach users' inboxes. Whether or not that is the ultimate solution, it is clear that this threat presents a dangerous workaround to MFA, something many of us have come to rely on as a gold standard for online security.

(for more discussion on this topic, check out our podcast Cyber Security Today, Week in Review on Apple, Spotify, YouTube and anywhere else you get podcasts. Or you can find it on our site under Podcasts.)
