#EvilProxy – Xynik

‘LockBit of phishing’ EvilProxy used in more than a million attacks every month

July 30, 2024 by Xynik

July 30, 2024 at 10:37AM EvilProxy, a phishing kit known as the “LockBit of phishing,” is being used to launch attacks using legitimate Cloudflare services to disguise malicious traffic. Criminals are offered customer support, videos, and guides to launch campaigns and disguise their activity. Notable threat actors, TA4903 and TA577, have adopted EvilProxy for their … Read more

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

November 9, 2023 by Xynik

November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse … Read more