A New tool, that can bypass 2FA | Read this before you are hacked

What email provider, you use? Gmail or Yahoo or Outlook, huh.. You check your mail daily, that’s very important. But, if I ask you what security methods you use to protect your account? Do you use only email and password, or a 2FA method (2-Factor Authentication Method like OTP through SMS..) ? – Is that enough? Well, you need to think twice while answering. There’s a new tool that can easily bypass 2FA and get into your account, this way your account could be hacked. We will discuss that you are safe, let’s dig into the topic.

Phishing New Technique Modlishka

A security researcher from Poland, published a penetration testing tool on starting of this month that can simply bypass the most loved 2 factor authentication method used in most of big company accounts. This is a big security issue that everyone should think of. One can not simply turn on the 2FA and feel safe that the account is safe now. You still have to do some steps every time you login and use your account.

So, what is this tool?

The tool, named Modlishka was released by Piotr Duszyński. He released this reverse-proxy tool on his GitHub account. Modlishka is a reverse proxy tool that sits between the user and the website that the user is accessing.

How does this work?

As you can see in this video, that the user can not easily see whether it’s a genuine website or not. The browser itself also recognizes as the website has a SSL certificate.

Is 2FA broken?

Not at all, you can; you must use this method. The standard 2FA methods are still most secured ways to protect. But, there is a U2F key (universal 2nd factor key), a physical key that you can buy online and use them to protect your accounts if you are worried more. However we will discuss below some of the important steps that you need to take for account safety.

Steps for a better safety:

  • Always check the url of the website you are visiting. The most common and popular ones you must remember. Like, facebook as facebook.com or google as google.com.
ssl certificate details
Check the company name on the certificate
  • Check the registered company name, whenever it’s available like in this case “A Medium Corporation” for medium.com website.
  • Always use a good password manager to ensure that the domain name on your browser is correct before you enter your password.
  • Keep your browsers up-to-date.
  • Regularly update your passwords and 2FA recovery codes.
  • Check the account activities and the last login data to know if anyone has access to your account.
  • Use a good VPN
  • Regularly login to your account and take a note of it.
  • Remove any device or app access for your account that you don’t use.

Another must-read article: Biggest data breach ever, check if you were affected

Subscribe to our mailing list now, for these type of articles and be safe from cyber security issues..

How did you like? – Do you still use 2FA? Tell us in the comments section below..

Leave a Reply

five × two =