Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver. The two tools work together like the perfect crime duo. The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. A video of the presentation was posted on YouTubeon June 2, bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA. The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. However, security experts have demonstrated an automated phishing attack that can cut through that added layer of security-also called 2FA-potentially tricking unsuspecting users into sharing their private credentials. Two-factor authentication, the added security step that requires people enter a code sent to their phone or email, has traditionally worked to keep usernames and passwords safe from phishing attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |