EvilProxy Malware Steals Session Tokens bypassing MFA on Victim’s Email Account

11 August 2023

The reason this works so well, is that the victim’s sessions appear to work just fine while logging into their 365 account. The hacker’s stolen session key allows them to bypass MFA allowing them to setup a new MFA token, change forwarding rules and do anything else they want as they have already been granted access to the hacked users O365 email account.

Source: CyberHoot

Date:

11 August 2023

Categorie(s):

NEWS

Tag(s):

Advisory, Blogs, Malware, MFA, Sessions

Reliable Web App Pattern: Now Optimizes Azure Migration with Enhanced Infrastructure and Security28 April 2024
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks28 April 2024
Good Security Is About Iteration, Not Perfection.28 April 2024
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 202428 April 2024
Security budgets are growing, but so is vendor sprawl27 April 2024