September 9th: Emergence of a new, more user-friendly Phishing-as-a-Service platform +++ New stealthy Linux malware

Emergence of a new, more user-friendly Phishing-as-a-Service platform

A new reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged on the darknet, promising access to mainstream accounts such as Apple, Google, Facebook, Microsoft and many more, even when MFA (multi-factor authentication) is enabled. Compared with previously used methods, EvilProxy is more user-friendly: the service offers multiple tutorials and videos on how to set up an attack.

The service enables low-skill threat actors who do not know how to set up their own proxies. The attack starts with a phishing message that leads the victim to a reverse-proxy server. The reverse proxy sits between the target and the company's login form: it displays the legitimate page, forwards the victim's inputs and requests to the legitimate server and returns that server's responses. When the user logs in and completes MFA, the reverse proxy copies both the credentials and the session cookie. With these, the attacker can log in without needing MFA.
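Why a login relayed through such a proxy succeeds against code-based MFA but not against origin-bound MFA, as an added example that is not part of the original article: a stripped-down model of a WebAuthn (FIDO2) assertion check in Python. The hostnames, the challenge and the HMAC standing in for the authenticator's ECDSA signature are assumptions made for this example; the browser, not the page, writes the serving origin into clientDataJSON, so an assertion produced while the page is served from a proxy's domain fails the relying party's origin and rpIdHash checks.

```python
import base64, hashlib, hmac, json

# Constructed values for this example; none come from the EvilProxy write-up.
RP_ID = "login.example.com"                  # relying-party ID the key was registered for
RP_ORIGIN = "https://login.example.com"      # the only origin the relying party accepts
AUTHENTICATOR_KEY = b"constructed-stand-in-for-the-credential-private-key"  # HMAC replaces ECDSA

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, challenge: bytes) -> dict:
    """Browser + authenticator output when the page is served from page_origin; the
    browser writes the origin itself, so a proxy on its own domain cannot forge it."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    rp_id = page_origin.split("://", 1)[1]   # RP ID the browser derives from the serving host
    # authenticatorData = rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": signature}

def rp_verify(assertion: dict, expected_challenge: bytes) -> bool:
    """Relying-party side: type, origin, challenge and rpIdHash are checked before
    the signature, the order the WebAuthn assertion procedure prescribes."""
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get":
        return False
    if client.get("origin") != RP_ORIGIN:            # this is the check a relayed login fails
        return False
    if client.get("challenge") != b64url(expected_challenge):
        return False
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

def login_from(page_origin: str) -> bool:
    """One simulated login: the relying party issues a challenge, the browser answers
    from whichever origin is serving the page, and the relying party verifies."""
    challenge = b"constructed-per-login-challenge"   # random per login in practice
    return rp_verify(browser_assertion(page_origin, challenge), challenge)
```

A password and one-time code relayed by the proxy are still accepted by the real server, which is why the session cookie can be captured; only the origin-bound factor refuses to work from the wrong domain.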

Are you interested in more insights? Here are two sources for further information:

New stealthy Linux malware

Researchers at AT&T Alien Labs have spotted a new multi-layered Linux-focused malware dubbed Shikitega, which also aims to infect endpoints and IoT (Internet of Things) devices. According to the researchers, the malware consists of multiple modules, each of which downloads the next until the device is taken over.

For instance, one module installs Metasploit's "Mettle" Meterpreter, which allows attackers to maximize their control over the infected machine, with the ability to execute shellcode, take over webcams and more. Another is responsible for exploiting two Linux vulnerabilities (CVE-2021-3439 and CVE-2021-4034) to achieve privilege escalation. The final payload is the well-known XMRig crypto miner for Monero. Furthermore, the malware uses the "Shikata Ga Nai" encoder to reduce detection and stores its C2s (command-and-control servers) on legitimate cloud servers.

If you want to dig deeper, get more information on this Linux malware here:

Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company's other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.