Evilginx: Dangerous web server tricks MFA
A malicious mutation of the widely used nginx web server facilitates adversary-in-the-middle attacks. Sophos X-Ops has analyzed the criminal potential of Evilginx in a test setup and offers tips for protection.

Evilginx is malware based on the legitimate and widely used open-source web server nginx. It can be used to steal usernames, passwords, and session tokens, and it gives attackers a way to bypass multi-factor authentication (MFA).

How Evilginx works:

At its core, Evilginx uses the legitimate and popular nginx web server to route web traffic through malicious websites. These are then used by the threat actors…