Phishing is a careful attempt to get sensitive and private information by using a malicious and suspected website by personifying a legitimate source. This is usually done by Hackers to steal Money or get properties, get access to social websites, auction sites, banks even UT administration. Modlishka virus is a type of virus that serves as a phishing tool. It is an open source Phishing tool with a unique feature that supports 2FA authentication. It is different from other phishing tool because, it is easy to use, very user friendly. This allows full access and control of the targets site. It is the latest and most efficient 2FA.
The tool is very powerful and takes practice to get used to its features. Modlishka is a simple tool that operates on the same server as the phishing site. This tool doesn’t clone the targets website but behaves like a reverse proxy with carefully and convincingly giving the user the content they desire without the user knowing. Some may say this is a dangerous tool and may not be wise publicizing it but the main aim is to simulate various phishing attacks against 2FA that are out there and it gives an insight of the vulnerability of this type of security.
Before we go any further, let’s give a detailed insight of what the 2FA authentication entails and why Modlishka is important. There is a special attraction criminals have for digital accounts of government, companies and individuals. There is a need to protect theses accounts from the malicious acts of these criminals, this is one of the reason we need tools like Modlishka. Secondly, there is increase in the number of data breaching, hacking and other cyber crimes. There have also been reports of lose of personal data by users of the internet. Surprisingly, these people are becoming very sophisticated with new innovations that make it difficult for the old security systems to track them down, theses activities may lead to loss of reputation in companies and lots of organizations and the aftermath is very devastating.
This act may lead to complete drain of an entire bank. Studies have even revealed that over $16 Billion was stolen from 15.4 million US consumers in 2016. With the reasons stated above it is deemed necessary that a tight security is needed to protect internet users from these thieves and also to help catch them and that extra level of security may be two-factor authentication 2FA. The two-factor authentication is an extra security that ensures the person accessing any account is who they say they are. Where they are required to provide certain information and the second factor could be either something only you know (secret questions), something you have or something you are which may be your voice print or fingerprint. With this security, there is a very slim chance of any body getting to know your 2FA code correctly.
There are different types of 2FA available, some of the common types are; the hardware Token for 2FA is the oldest where a 2FA code is created every 30 seconds for the user to input into the app or website. Then the SMS Text-Message and Voice-based 2FA where a one-time password is sent to the user phone after he/she inputs a username and password. There is also a push Notification for 2FA where the app or site sent a notification to the user for he or she to approve or decline the transaction. Other types are; Biometric 2FA that requires fingerprints, facial recognition or retina pattern.
Modlishka uses 2FA and that is why it is one of the most powerful phishing tools. With Modlishka you only need a phishing domain and a valid TLS certificate. This does not require you to recreate the website. With this tool, We do not break the 2FA. It always requires a right reverse proxy to target the domain over an encrypted trusted browser. With this, it may be difficult to detect anything wrong. Modlishka is for educational purpose and for penetration of those malicious actors. Most people believe it can also be used to make phishing campaign very effective but the tool rely on 2FA hardware token and the 2FA codes tend to be time-restricted, often changing every 30 seconds. As such, an attacker may have to be monitoring the phish in real-time to maximize the account access. With this, users can use their regular password managers with their unique password together with the 2FA security.
With Modlishka today, your data, information and resources are more secured.