A new EvilProxy phishing campaign targeted Indeed.com

January 29, 2024

The EvilProxy phishing campaign targets job seekers after releasing malicious kits to compromise Indeed.com users.

A new phishing campaign has been targeting executives from various industries, focusing on United States-based organisations in sectors such as banking, insurance, property management, real estate, and manufacturing.

This new cybercriminal operation emerged a couple of months ago and relies on an open redirection vulnerability on one of the most well-known job search platforms, Indeed.com. The attack stands out from other campaigns because it utilises the EvilProxy phishing kit, a sophisticated tool built for Adversary in the Middle (AiTM) phishing.

The EvilProxy phishing toolset operates like a reverse proxy that places its operators between the user and the legitimate website. This position enables the phishing operators to quietly harvest session cookies, which is critical in bypassing security measures like multi-factor authentication (MFA). Moreover, the campaign’s phishing pages impersonate Microsoft’s login page to lure unsuspecting victims.

 

The new attack against Indeed.com is reliant on an open redirection flaw.

 

The new Indeed.com phishing campaign uses an open redirection vulnerability to initiate an attack against website users. An open redirection occurs when an app redirects users to an untrusted external domain. Attackers commonly use these schemes to exploit users’ trust and mislead them into thinking they are accessing a legitimate site.
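The server-side check that closes an open redirect, as an added example that is not from the original article or from Indeed: the host names and the `is_safe_redirect` and `resolve_redirect` helpers are hypothetical, and the sample targets are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for a hypothetical job site (not Indeed's real configuration).
ALLOWED_HOSTS = frozenset({"jobs.example.test", "www.jobs.example.test"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if following `target` keeps the user on an allowlisted host."""
    if not target:
        return False
    # Browsers treat "\" like "/" and silently drop tabs and newlines, so a value
    # containing them can parse differently here than in the browser. Reject it.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed input such as an unterminated IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # covers javascript:, data: and scheme-relative //host
    # .hostname drops userinfo and port, so "trusted@other-host" cannot pass.
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed_hosts


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Redirect destination to use: the target if safe, otherwise a local fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample values for a redirect parameter.
    for sample in (
        "/jobs/123?q=analyst",
        "https://www.jobs.example.test/apply",
        "https://phish.example/login",
        "//phish.example/login",
        "https://jobs.example.test@phish.example/",
        "https://jobs.example.test.phish.example/",
        "/\\phish.example",
    ):
        print(f"{sample!r:50} -> {resolve_redirect(sample)!r}")
```

Matching on the exact parsed host rather than on a prefix or substring of the URL is what keeps the look-alike and userinfo forms from passing.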

In addition, the EvilProxy phishing campaign has a two-step infection process. First, the phishing pages retrieve content from legitimate login sites. Next, once the user interacts with these pages, the attackers intercept the communication with the server and steal session cookies.

Hence, these stolen cookies could allow the threat actors to impersonate the victims and bypass MFA to acquire unauthorised access to personal and sensitive information. This new phishing activity shows that the threat actors have a sophisticated tactic that could deceive targets by abusing trusted platforms like Indeed.com.

Everyone should possess basic cybersecurity knowledge to avoid these attacks. Lastly, organisations should adequately educate their employees through regular training sessions to avoid such threats and prevent malicious actors from acquiring credentials that could result in the loss of valuable assets.
