The Sneaky Hack That's Hijacking Accounts 37 Times Faster Than Before

A new wave of phishing attacks is sweeping the internet, using a clever technique to trick victims into giving away access to their accounts. These attacks have surged 37 times in just a few months, and experts are warning that they're getting more sophisticated by the day. Here's what you need to know to stay safe.

Key Takeaways

• Device code phishing attacks have surged 37 times in recent months
• These attacks use a legitimate login flow to trick victims into giving away access
• Multiple phishing kits are available, making it easy for cybercriminals to launch attacks

In This Article

• What is Device Code Phishing?
• How Does Device Code Phishing Work?
• The Rise of Phishing Kits
• Expert Insights
• Staying Safe from Device Code Phishing
• The Future of Phishing

What is Device Code Phishing?

So, what exactly is device code phishing? In simple terms, it's a type of attack where a hacker sends a fake login request to a service provider, gets a code, and then tricks the victim into entering that code on a legitimate login page. This gives the hacker access to the victim's account, all while making it look like a normal login process.

• Device code phishing uses the OAuth 2.0 Device Authorization Grant flow
• This flow was designed for devices with limited input options, like smart TVs or printers

How Does Device Code Phishing Work?

The process of device code phishing is surprisingly simple. The hacker sends a device authorization request to a service provider, gets a code, and then sends that code to the victim. The victim, thinking they're just logging in, enters the code on a legitimate login page, giving the hacker access to their account.

• The hacker gets a code from the service provider
• The victim enters the code on a legitimate login page, giving the hacker access

The Rise of Phishing Kits

So, why are device code phishing attacks on the rise? One reason is the availability of phishing kits, which make it easy for cybercriminals to launch these attacks. These kits provide pre-built tools and templates, allowing even low-skilled hackers to get in on the action.

• Phishing kits provide pre-built tools and templates for launching attacks
• Kits like EvilTokens and Venom are making it easy for cybercriminals to launch device code phishing attacks

Expert Insights

According to Push Security, 'At the start of March, we'd observed a 15x increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. That figure has now risen to 37.5x.'

• Push Security has seen a massive increase in device code phishing pages
• EvilTokens is one of the most prominent phishing kits on the market

Staying Safe from Device Code Phishing

So, how can you protect yourself from these sneaky attacks? The key is to be cautious when entering codes or logging in to your accounts. Make sure you're on a legitimate login page, and never enter codes or login credentials on a page that doesn't look right.

• Be cautious when entering codes or logging in to your accounts
• Make sure you're on a legitimate login page before entering any sensitive information

The Future of Phishing

As phishing kits continue to evolve and become more sophisticated, it's likely that we'll see even more of these attacks in the future. But by staying informed and being cautious, you can protect yourself and your accounts from these sneaky hacks.

• Phishing kits are likely to continue evolving and becoming more sophisticated
• Staying informed and being cautious is key to protecting yourself from these attacks

“At the start of March, we'd observed a 15x increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. That figure has now risen to 37.5x.”

— Push Security

Final Thoughts

The rise of device code phishing attacks is a reminder that cybersecurity is an ongoing battle. By staying informed and being cautious, you can protect yourself and your accounts from these sneaky hacks. As the threat landscape continues to evolve, it's likely that we'll see even more sophisticated attacks in the future. But for now, being aware of the risks and taking steps to protect yourself is the best defense.

Sources & Credits

Originally reported by BleepingComputer