MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
phishing
Search

New Tool Automates Phishing Attacks That Bypass 2FA

Wednesday January 9, 2019. 07:50 PM , from Slashdot
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). From a report: Named Modlishka --the English pronunciation of the Polish word for mantis -- this new tool was created by Polish researcher Piotr Duszynski. Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website -- like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate. The victim receives authentic content from the legitimate site --let's say for example Google -- but all traffic and all the victim's interactions with the legitimate site passes through and is recorded on the Modlishka server.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/0OfLetqj_AI/new-tool-automates-phishing-attacks-that-bypass...
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Fri 29 - 12:17 CET