'LockBit of phishing' EvilProxy used in more than a million attacks every month

The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools that let criminals who lack actual technical expertise get into the digital thievery biz. EvilProxy is a …

  1. Andy The Hat Silver badge

    WTF?

    "Whoever runs EvilProxy offers ... YouTube videos on how to use the service"

    YouTube, "to protect its subscribers", will suspend your account for playing 6 seconds of broadcast radio when demonstrating the testing of a repaired device. They also allow a worldwide scam team to use YT channels to demonstrate how to conduct illegal behaviour uncontested ...

    Glad to see where their moral compass points.

    1. IGotOut Silver badge

      Re: WTF?

      The moral compass is pointing straight to the magnet pull of money.

      1. stiine Silver badge

        Re: WTF?

        You're both presuming that Google has a moral compass. I'd suggest that they don't.

  2. Doctor Syntax Silver badge

    Treat any unsolicited email with links in it as probably phishing.

    To make this work businesses need to start taking the high moral ground by not sending out emails that look like phishing emails – i.e. they are unsolicited and have links in them. They then need to publicise that emails claiming to be from themselves with links in them are phishing. They will probably need to enforce it by immediately terminating any employee who sends emails which look like phishing emails. Given that the "let's spam our customers because they're agog to learn about our latest brain-fart" mentality has spread so far into upper manglements, it will be very difficult to eliminate this.

    1. Mike007 Silver badge

      The monthly emails I receive from my bank start with the following instructions:

      Your monthly statement is ready and waiting – view it now in three simple steps:

      1. Visit our website using the link below, then log into the Internet Bank.

      The footer of that very same email contains the following:

      We will:

      never ask you over the phone to disclose your PIN, card reader codes or one-time codes.

      never ask you to log into the Internet Bank, directly from a link in an email or text.

      never ask you to move money to a ‘safe account’.

      1. Doctor Syntax Silver badge

        Banks are such a special case they really need to be dealt with by legislation. Send this sort of crap and receive a big fine. Send it again and senior management lose the right to work in financial services. Send it a third time and lose their banking licence.

  3. Mike007 Silver badge

    A couple of months ago my boss asked me to look up something called evilginx, then he joined a meeting with a client. 20 minutes later he finished his meeting and turned to see me leaning back on my chair with my hands behind my head not doing anything.

    In a very "why aren't you working?" tone of voice he asked me if I had looked up that program he mentioned. I pressed the enter key on my keyboard to send him a Teams message with a URL to a fully functional O365 phishing server* that laughs at the MFA he has been preaching to clients as the saviour of IT security for the last few years**.

    If you work in IT and have any responsibility over user accounts, you need to set aside 20 minutes to deploy it on a VM*** - and several days for subsequent internal discussion... If your entire IT team doesn't shit themselves after seeing it for themselves it is because they don't understand what they are seeing!

    Since then I have been investigating every phishing email that gets reported to our helpdesk as part of an effort to come up with some kind of technical defence, and evilginx isn't as advanced as some of the servers I have seen in the wild...!

    This stuff is well known to "the bad guys". If it is part of your job to defend against such things then you need to know what you are up against... And if you read the comment section of The Register then it is probably an interesting thing to set up as well!

    * There are pre-written config files for every major service you might want to phish.

    ** I of course have pointed out that MFA can be intercepted every time I heard him doing this, but he always dismissed that as some pedantic hypothetical thing that nobody really needs to worry about...

    *** This was "from scratch", including deploying a new VM and configuring DNS records!
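The comment above describes a reverse-proxy (adversary-in-the-middle) phishing server relaying a login, MFA code and all, so that the real service accepts it. The following is an added illustration, not code from the commenter or from any phishing tool, of why that relay works against OTP-style MFA and fails against an origin-bound WebAuthn assertion. It models only the relying-party checks: the names `bank.example` and `bank-example.test` are constructed, the credential key is a constructed HMAC secret standing in for the authenticator's private key, and the real WebAuthn signature format and CBOR encoding are deliberately omitted.

```python
"""Simplified model: OTP MFA relayed through an AiTM proxy is accepted,
while an origin-bound WebAuthn-style assertion is rejected.
Added illustration; not code from the comment thread or from any real tool."""
import hashlib
import hmac
import json

RP_ID = "bank.example"                       # constructed relying party ID
RP_ORIGIN = "https://bank.example"           # the genuine login origin
PROXY_ORIGIN = "https://bank-example.test"   # constructed lookalike origin


# --- OTP-style MFA: the code is bound to a secret and a time step, not to a site
def otp_code(shared_secret: bytes, step: int) -> str:
    """6-digit HOTP-style code derived from a shared secret and a counter."""
    digest = hmac.new(shared_secret, step.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def otp_server_accepts(shared_secret: bytes, submitted: str, step: int) -> bool:
    """The server only sees a code; it cannot tell which page the user typed it into."""
    return hmac.compare_digest(otp_code(shared_secret, step), submitted)


def relayed_otp_login(shared_secret: bytes, step: int) -> bool:
    """User types the valid code into the proxy page; the proxy forwards it unchanged."""
    code_typed_into_proxy = otp_code(shared_secret, step)
    return otp_server_accepts(shared_secret, code_typed_into_proxy, step)


# --- WebAuthn-style MFA: the browser writes the page origin into signed client data
def authenticator_sign(cred_key: bytes, rp_id_hash: bytes, client_data: bytes) -> bytes:
    """Real authenticators sign authenticatorData || SHA-256(clientDataJSON) with a
    private key; HMAC over the same material stands in for that here."""
    msg = rp_id_hash + hashlib.sha256(client_data).digest()
    return hmac.new(cred_key, msg, hashlib.sha256).digest()


def browser_assertion(cred_key: bytes, challenge: str, page_origin: str):
    """The browser, not the page, fills in `origin` with the origin it is really on."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    rp_id_hash = hashlib.sha256(RP_ID.encode()).digest()
    return client_data, rp_id_hash, authenticator_sign(cred_key, rp_id_hash, client_data)


def rp_verify(cred_key: bytes, expected_challenge: str, client_data: bytes,
              rp_id_hash: bytes, signature: bytes) -> tuple:
    """Stripped-down relying-party checks, in the order a real RP performs them."""
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        return False, "bad type"
    if data.get("challenge") != expected_challenge:
        return False, "challenge mismatch"
    if data.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {data.get('origin')}"
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpId mismatch"
    expected_sig = authenticator_sign(cred_key, rp_id_hash, client_data)
    if not hmac.compare_digest(expected_sig, signature):
        return False, "bad signature"
    return True, "ok"


def webauthn_login(proxied: bool, tamper: bool = False) -> tuple:
    """proxied=True: the user is on the lookalike page, so the browser records
    PROXY_ORIGIN. tamper=True: the proxy rewrites the origin field before
    forwarding, which breaks the signature over the client data hash."""
    cred_key = b"constructed-credential-key"
    challenge = "constructed-challenge-from-rp"   # relayed unchanged by a proxy
    page_origin = PROXY_ORIGIN if proxied else RP_ORIGIN
    client_data, rp_id_hash, sig = browser_assertion(cred_key, challenge, page_origin)
    if tamper:
        client_data = client_data.replace(PROXY_ORIGIN.encode(), RP_ORIGIN.encode())
    return rp_verify(cred_key, challenge, client_data, rp_id_hash, sig)


if __name__ == "__main__":
    print("relayed OTP accepted:", relayed_otp_login(b"constructed-otp-seed", 42))
    print("direct WebAuthn:", webauthn_login(proxied=False))
    print("proxied WebAuthn:", webauthn_login(proxied=True))
    print("proxied + tampered:", webauthn_login(proxied=True, tamper=True))
```

In a real browser the credential would not even be offered on the lookalike domain, because the authenticator scopes it to the RP ID and the browser refuses an RP ID that does not match the page's effective domain; the origin and signature checks above are the relying party's backstop. The OTP path has no such binding, which is the property the proxy exploits.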
