Senior executives in the United States are being targeted by a new phishing campaign that utilizes a phishing toolkit called EvilProxy. This toolkit is employed to steal login credentials and gain control of accounts. The campaign began in July 2023 and primarily focuses on industries like banking and finance, insurance, property management, real estate, and manufacturing. The hackers responsible for the campaign exploit a vulnerability on the job search platform “indeed.com” to redirect victims to counterfeit Microsoft login pages. EvilProxy acts as an intermediary between the target and the authentic login page, intercepting login credentials and other sensitive information. The hackers behind the campaign, known as Storm-0835, have numerous customers and charge monthly fees for their services. In the attacks recorded by Menlo Security, victims receive phishing emails containing links that redirect them to EvilProxy pages where their credentials are collected. The hackers exploit an open redirect flaw to circumvent security measures. This campaign resembles other attacks in which hackers employ legitimate services to create counterfeit login pages and steal account information.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.