New tool automates phishing attacks that bypass 2FA
At the start of this year, Polish researcher Piotr Duszyński published Modlishka, a new penetration testing tool that makes the automation of phishing attacks easier than ever before, and even allows attackers to bypass two-factor authentication (2FA) for targeted accounts.
Modlishka is a reverse proxy that sits between a user and a targeted website, such as an email client. A victim who clicks on a phishing link is connected to the Modlishka server and ends up on a fake copy of the intended website. Meanwhile, Modlishka opens a connection with the actual website and makes sure that login credentials entered by the victim on the fake website are secretly entered on the actual site as well, allowing threat actors to gain access to the account.