  • New tool (hosted by Microsoft) automates phishing attacks that bypass 2FA


    This topic contains 9 replies, has 7 voices, and was last updated by b 3 days, 16 hours ago.

    • #308328 Reply

      b
      AskWoody Plus

      “Modlishka” automatically creates fake branded web pages which can intercept two-factor authentication:
      New tool automates phishing attacks that bypass 2FA
      (No need to waste time spoofing a carefully-crafted copy at your rogue domain.)

      The tool is available for download from GitHub:
      https://github.com/drk1wi/Modlishka
      2FA bypassing tool Modlishka is on GitHub for all to use

      GitHub was acquired by Microsoft seven months ago:
      Microsoft to acquire GitHub for $7.5 billion

      Microsoft is the #1 brand used for phishing, at hundreds of new fake sites every day:
      Phishers’ Favorites: Microsoft Retains the #1 Spot as Attacks Grow More Targeted

      Nearly two-thirds of all advanced email attacks impersonate Microsoft or Amazon:
      Fake Microsoft & Amazon Dominate Impersonated Brands in Email Attacks

      Modlishka’s author claims it’s for penetration testers to use in phishing test campaigns:
      Phishing NG. Bypassing 2FA with Modlishka.
      (But that seems way beyond what is necessary to filter out gullible users for education.)

      Anyone else find it odd that Microsoft would host this tool which will almost certainly be used maliciously to attack their users and gain access to business networks undetectably?

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker" (Group ASAP)

      6 users thanked author for this post.
    • #308397 Reply

      OscarCP
      AskWoody Lounger

      If this information is correct, perhaps the software came along with GitHub when MS bought it, and they have not realized it was there, or been too slow in removing it, or there are some contractual or legal barriers to doing that?

      In any case, such software does not seem to belong in an open developers’ platform such as GitHub, whatever the good intentions of its creator.

    • #308396 Reply

      anonymous

      It does seem to stem from the same mindset as “Steal this Book” and “burn it all down, man!”

      Really it is probably just another instance where lack of oversight in the name of freedom to distribute has allowed a bad situation. I hope it is rectified soon.

      If there is any element of intent, I would describe it as “disruptive friction”.

    • #308412 Reply

      Microfix
      AskWoody_MVP

      GitHub owner awareness of content probably means:
      That Windows 7 and 8.1 are the safest and greatest OSes Ever! 😛

      | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
    • #308415 Reply

      NetDef
      AskWoody Plus

      For end-users that use an app or a hardware based U2F key, which times out every key in generally half a minute, the attackers would have to be live monitoring and attacking an account in real time.

      Therefore, we need to overload their proxy with a DDOS . . .  yes?  😀

      ~ Group "Weekend" ~

      • #309436 Reply

        b
        AskWoody Plus

        For end-users that use an app or a hardware based U2F key, which times out every key in generally half a minute, the attackers would have to be live monitoring and attacking an account in real time.

        … unless they could automate a login and disabling of 2FA to occur as soon as a security code is captured.

        Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker" (Group ASAP)

    • #308425 Reply

      MrJimPhelps
      AskWoody Plus

      GitHub was acquired by Microsoft seven months ago:
      Microsoft to acquire GitHub for $7.5 billion

      It is astounding how much money these big companies have to spend.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      2 users thanked author for this post.
    • #308649 Reply

      Paul T
      AskWoody_MVP

      Anyone else find it odd that Microsoft would host this tool which will almost certainly be used maliciously to attack their users and gain access to business networks undetectably?

      Implying MS has checked this software and is happy with it is a bridge too far IMO and doesn’t add value to the otherwise important information you have posted.

      cheers, Paul

      • #308713 Reply

        b
        AskWoody Plus

        Implying MS has checked this software and is happy with it is a bridge too far IMO and doesn’t add value to the otherwise important information you have posted.

        I didn’t realize I had implied that; but I reported it to Microsoft and it’s still there for general consumption, so they are apparently not yet unhappy with it.

        Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker" (Group ASAP)
