January 9, 2019 06:50 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0OfLetqj_AI/new-tool-automates-phishing-attacks-that-bypass-2fa
New Tool Automates Phishing Attacks That Bypass 2FA
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). From a report: Named Modlishka --the English pronunciation of the Polish word for mantis -- this new tool was created by Polish researcher Piotr Duszynski. Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website -- like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate. The victim receives authentic content from the legitimate site --let's say for example Google -- but all traffic and all the victim's interactions with the legitimate site passes through and is recorded on the Modlishka server.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0OfLetqj_AI/new-tool-automates-phishing-attacks-that-bypass-2fa
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot