A safety protocol can now be bypassed by a hacker tool called Modlishka. Trust in two-factor authentication has slowly eroded in the last month.
IT professionals deem Modlishka as a reverse
“It sits between a user and a target website – like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate.
The victim receives authentic content from the legitimate site – let’s say for example Google – but all traffic and all the victim’s interactions with the legitimate site passes through and is recorded on the Modlishka server.” ZDNet
Anything the user types in (email addresses, passwords, etc.) is automatically recorded in the Modlishka backend panel. In the meantime, the reverse proxy prompts users for the 2FA tokens. If these tokens are collected in real-time, they can be used to log into victims’ accounts.
Hacker Tool Appeal
Due to Modlishka’s simple design, cyber attackers do not need to waste time perfecting templates to clone legitimate sites, since all the content is retrieved from legitimate sites in real-time.
All that is required is a phishing domain to host the Modlishka server and a valid TLS certificate, so that users are not alerted to the lack of an HTTPS connection. The final step is to set up a simple config file that offloads victims onto the real, legitimate site at the end of the phishing operation, before they notice the suspicious phishing domain. The tool is easy to maintain and difficult for its victims to detect.
Duszyński described Modlishka as a point-and-click and easy-to-automate system that requires minimal maintenance, unlike previous phishing toolkits used by other penetration testers.
Modlishka In Action
An Amnesty International report released in December disclosed that advanced state-sponsored actors are using phishing systems that incorporate tools to bypass two-factor authentication.
Duszyński was asked why he released such a dangerous tool on GitHub. His answer is quite intriguing.
“This status quo, and lack of awareness about the risk, is a perfect situation for malicious actors that will happily exploit it.”
Secure Your Digital Life
While protecting your account with two-factor authentication isn’t as much of a safety net as once believed, it is now more important to pay attention to domains when entering credentials. If you don’t, you might be handing over the email address and password combination for your bank account to a cybercriminal.
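Because a reverse proxy serves the real site’s content over a valid TLS certificate, the host name in the address bar is the one signal left to check. The following is an added example, not part of the original article or of any tool it describes, showing a strict host check for a login URL. The allowlist and all sample URLs are constructed for illustration, and example.net is a reserved placeholder domain.

```python
from urllib.parse import urlsplit

# Assumption: constructed allowlist of the exact hosts where this user signs in.
TRUSTED_LOGIN_HOSTS = frozenset(
    {"accounts.google.com", "login.yahoo.com", "account.proton.me"}
)


def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason); ok is True only for https on an exactly trusted host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if has_userinfo:
        # In https://name@other-host/ the browser connects to what follows '@'.
        return False, "userinfo in front of host " + host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised label, possible look-alike characters"
    if host in trusted:
        return True, "exact match"
    for name in trusted:
        # A trusted name used as a subdomain or hyphenated into another domain.
        if host.startswith(name + ".") or name.replace(".", "-") in host:
            return False, "trusted name " + name + " embedded in other host " + host
    return False, "host not on allowlist: " + host


if __name__ == "__main__":
    # Constructed sample URLs; none of them comes from the article.
    samples = [
        "https://accounts.google.com/signin",
        "https://ACCOUNTS.GOOGLE.COM./signin",
        "https://accounts.google.com@login.example.net/signin",
        "https://accounts.google.com.login.example.net/signin",
        "https://accounts-google-com.example.net/signin",
        "http://accounts.google.com/signin",
    ]
    for url in samples:
        ok, reason = check_login_url(url)
        print(("OK     " if ok else "REJECT ") + url + "  (" + reason + ")")
```

Only an exact host match passes; every other result carries a reason that names the host the browser would actually connect to.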