‘Evilginx’ Tool (Still) Bypasses MFA

Evilginx, a malicious version of the NGINX Web server, can be used in adversary-in-the-middle attacks to steal credentials and authentication tokens, bypassing multifactor authentication (MFA). Sophos researchers tested Evilginx with Microsoft-themed malicious domains and phishing pages, mimicking a user account protected by MFA, and successfully bypassed that protection. To prevent Evilginx attacks, organizations should move off token-based or push-MFA methods and embrace stronger, phishing-resistant FIDO2-based options like passkeys.
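
Why FIDO2 holds up against a proxy in the middle, shown as an added example (not code from the article or from Sophos): the browser writes the page's real origin into the signed assertion, and the relying party rejects any assertion whose origin or RP ID hash is not its own. The host names, the challenge value and the `make_assertion` helper are assumptions constructed for illustration, and signature verification over the assertion, which a real relying party must also perform, is omitted.

```python
import hashlib
import json
import struct

# Assumed relying-party values for this example (not from the article).
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def make_assertion(page_origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator return."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    # authenticatorData = SHA-256(rpId) || flags (1 byte) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x05, 1)
    return client_data, auth_data


def check_assertion(client_data, auth_data, challenge):
    """Return the reasons to reject; an empty list means the binding checks pass."""
    problems = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        problems.append("wrong type")
    if cd.get("challenge") != challenge:
        problems.append("challenge mismatch")
    # The browser, not the page, fills in the origin the user is actually on.
    if cd.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # The authenticator scopes the credential to the RP ID it was asked for.
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    # Bit 0 of the flags byte is "user present".
    if len(auth_data) < 37 or not auth_data[32] & 0x01:
        problems.append("user not present")
    return problems


if __name__ == "__main__":
    challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"  # constructed sample value
    direct = make_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Same login relayed through a look-alike host (constructed name).
    relayed = make_assertion(
        "https://login.example-sso.test", "login.example-sso.test", challenge
    )
    print("direct :", check_assertion(*direct, challenge))
    print("relayed:", check_assertion(*relayed, challenge))
```

A one-time code or push approval carries no such origin binding, so it passes through the proxy unchanged.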
