The adoption of two-factor authentication (2FA) as an account protection method is pushing phishing actors toward reverse-proxy solutions, which are becoming increasingly popular.
According to a report from Unit 42 of Palo Alto Networks, these attacks, otherwise called ‘meddler in the middle,’ are effective enough to get around existing defenses and break down the brittle wall of perceived security.
The increased demand for reverse-proxy services that help phishing actors snatch two-factor authentication codes from their victims has resulted in the opening of two new platforms in 2022, helping the technique proliferate further.
How MitM Attacks Work
In traditional phishing attacks, the victim is lured into entering their credentials (username/email + password) on a phishing site. Then the threat actors may use the stolen pairs to log in to the victim’s account.
If two-factor authentication is active on the account, the account owner will receive a one-time password (OTP) on their mobile via SMS or email. In other cases, authentication apps are used, which generate OTPs periodically for this purpose.
Whatever the method, the 2FA step would block account takeover attacks as the threat actors wouldn’t have a way to guess the correct OTP.
This problem is solved by reverse proxy services such as Evilginx2, Modlishka, Muraena, EvilnoVNC, and EvilProxy. The last two were launched in 2022, offering more advanced features and user-friendly GUI-based environments.
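Why an OTP gives no protection once a reverse proxy sits between the user and the real service, while an origin-bound second factor does, shown as an added example that is not from the original article or the Unit 42 report. The origin-bound check is a simplified HMAC stand-in for what WebAuthn/FIDO2 does with public-key signatures, and the hostnames, keys, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the article).
REAL_ORIGIN = "https://accounts.example.com"
LOOKALIKE_ORIGIN = "https://accounts.example.net"
OTP_SECRET = b"12345678901234567890"        # RFC 6238 test secret
DEVICE_KEY = b"constructed-device-key"       # stand-in for an authenticator key


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The service receives only digits. Nothing in them records which
    # site the user typed them into, so a forwarded code still verifies.
    return hmac.compare_digest(totp(secret, unix_time), submitted)


def sign_assertion(device_key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    # Origin-bound factor: the client mixes in the origin the browser is
    # actually on (HMAC used here in place of a WebAuthn signature).
    msg = challenge + b"|" + browser_origin.encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()


def verify_assertion(device_key: bytes, challenge: bytes, assertion: bytes) -> bool:
    # The real service only accepts responses computed for its own origin.
    expected = sign_assertion(device_key, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, assertion)


def login_outcome(origin_user_is_on: str, now: int = 59) -> tuple:
    """Return (otp_accepted, origin_bound_accepted) as judged by the real service."""
    otp = totp(OTP_SECRET, now)              # user reads the code and types it in
    challenge = b"constructed-server-nonce"
    assertion = sign_assertion(DEVICE_KEY, challenge, origin_user_is_on)
    return (verify_otp(OTP_SECRET, otp, now),
            verify_assertion(DEVICE_KEY, challenge, assertion))


if __name__ == "__main__":
    print("real site     :", login_outcome(REAL_ORIGIN))
    print("lookalike site:", login_outcome(LOOKALIKE_ORIGIN))
```

The OTP verifies in both cases because it carries no information about where it was entered; only the origin-bound response fails when the browser is on a different hostname than the real service.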
Currently available reverse-proxying phishing tools
The platforms help phishing actors forward login requests to the actual services, relay 2FA requests back to the