LASER_oneXM

Level 33
Verified
Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.

A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA).

Named Modlishka --the English pronunciation of the Polish word for mantis-- this new tool was created by Polish researcher Piotr Duszyński.

Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations.