VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials

by David Walker

“By offering this sophisticated PhaaS, VoidProxy lowers the technical barrier for a wide range of threat actors to execute AitM phishing attacks. Accounts compromised using PhaaS platforms facilitate numerous malicious activities such as business email compromise (BEC), financial fraud, data exfiltration and lateral movement within victim networks.”

Service has anti-analysis features

The VoidProxy platform has been able to evade analysis until this point by using multiple layers of anti-analysis features, including compromised email accounts, multiple redirects, Cloudflare Captcha challenges, Cloudflare Workers and dynamic DNS services, Okta said. 

An attack works like this: Phishing lures are sent from compromised accounts of legitimate email service providers (ESPs) such as Constant Contact, Active Campaign (Postmarkapp), NotifyVisitors, and others. The hope is that these message sources will fool spam filters.
