Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA).
Named Modlishka --the English pronunciation of the Polish word for mantis-- this new tool was created by Polish researcher
Piotr Duszyński.
Modlishka is what IT professionals call a
reverse proxy, but modified for handling traffic meant for login pages and phishing operations.
ConsentFix debrief: Insights from the new OAuth phishing attack
New Rockstar 2FA phishing service targets Microsoft 365 accounts
New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations![[correlate]](/data/avatars/s/79/79653.jpg?1556985072)
New Android Pixnapping attack steals MFA codes pixel-by-pixel