Dark Web News Analysis
A new phishing tool dubbed the “Eviginx cloaker” is being advertised on a hacker forum. Built on the Evilginx3 framework, this Android-compatible platform is designed to simulate legitimate login pages and intercept credentials and session cookies from Microsoft 365 and Google accounts. The tool includes cloaking features to evade detection and bot filtering, making it highly effective against automated defenses.
The seller is offering contact via Telegram, a common tactic among threat actors seeking anonymity and direct buyer engagement. While the tool is marketed for red teaming and training, its capabilities make it ripe for abuse in real-world phishing campaigns.
🔐 Key Cybersecurity Insights
- Sophisticated Phishing Capabilities:
The integration of Evilginx3 with cloaking and bot detection enables advanced adversary-in-the-middle (AiTM) phishing attacks.
- Credential and Cookie Theft:
The tool’s primary function is to capture login credentials and session cookies, allowing attackers to bypass MFA and hijack active sessions.
- Lowered Technical Barrier:
The turnkey nature of the platform makes it accessible to less-skilled threat actors, increasing the volume and reach of phishing campaigns.
- Misuse Risk Despite Legitimate Framing:
Although advertised for ethical use, the tool’s design and deployment method make it highly susceptible to malicious exploitation.
🛡️ Mitigation Strategies
- Deploy Enhanced Employee Training:
Educate staff on AiTM phishing techniques and how to recognize deceptive login pages and suspicious redirects.
- Enforce Multi-Factor Authentication (MFA):
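Apply MFA across all critical systems to reduce the impact of stolen credentials and session hijacking. Because AiTM tools like this one capture the session cookie issued after MFA completes, favor phishing-resistant methods such as FIDO2/WebAuthn security keys or passkeys where available.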
- Implement Endpoint Detection and Response (EDR):
Use EDR solutions to detect and block phishing payloads, malicious scripts, and unauthorized access attempts.
- Monitor and Block Suspicious Telegram Channels:
Track emerging Telegram accounts linked to phishing tool sales and block known malicious actors from engaging with internal systems.
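One way to detect the session-cookie theft described under Key Cybersecurity Insights, added here as an example and not taken from Brinztech or any vendor: flag a session whose cookie is later presented by a different client than the one that completed sign-in. The event tuples, field layout and severity labels are constructed assumptions, not a real log schema.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "session_id user severity ip user_agent")

# Constructed sample events (hypothetical layout, not a vendor schema):
# (timestamp, user, session_id, event_kind, source_ip, user_agent)
EVENTS = [
    ("2025-01-10T09:00:05Z", "alice@example.com", "s-1001", "signin", "198.51.100.7", "Chrome/131 Android"),
    ("2025-01-10T09:00:40Z", "alice@example.com", "s-1001", "token_use", "203.0.113.50", "Firefox/133 Linux"),
    ("2025-01-10T09:05:00Z", "bob@example.com", "s-2002", "signin", "192.0.2.20", "Safari/17 iPhone"),
    ("2025-01-10T09:30:00Z", "bob@example.com", "s-2002", "token_use", "192.0.2.99", "Safari/17 iPhone"),
    ("2025-01-10T10:00:00Z", "carol@example.com", "s-3003", "signin", "192.0.2.30", "Edge/131 Windows"),
    ("2025-01-10T10:01:00Z", "carol@example.com", "s-3003", "token_use", "192.0.2.30", "Edge/131 Windows"),
    ("2025-01-10T10:02:00Z", "dave@example.com", "s-4004", "token_use", "203.0.113.77", "Chrome/131 Windows"),
]


def find_session_replay(events):
    """Return one Finding per (session, client) pair that does not match
    the client recorded when the session was established."""
    baseline = {}     # session_id -> (ip, user_agent) seen at sign-in
    reported = set()  # avoid repeating the same finding for every request
    findings = []
    # ISO-8601 UTC timestamps sort chronologically as plain strings.
    for ts, user, sid, kind, ip, ua in sorted(events):
        if kind == "signin":
            baseline.setdefault(sid, (ip, ua))
            continue
        if sid not in baseline:
            severity = "unknown"   # no sign-in on record: log gap or replay
        else:
            base_ip, base_ua = baseline[sid]
            changed = (ip != base_ip) + (ua != base_ua)
            if changed == 0:
                continue           # same client that authenticated
            # Both changed is the strong signal; a single change is often
            # benign (mobile roaming, browser update) and rated lower.
            severity = "high" if changed == 2 else "low"
        if (sid, ip, ua) not in reported:
            reported.add((sid, ip, ua))
            findings.append(Finding(sid, user, severity, ip, ua))
    return findings


if __name__ == "__main__":
    for f in find_session_replay(EVENTS):
        print(f"{f.severity:8} {f.user:20} {f.session_id} from {f.ip} ({f.user_agent})")
```

A "high" finding is a candidate for revoking the session and forcing re-authentication; "low" and "unknown" findings need correlation with other signals before action.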
📣 Secure Your Organization with Brinztech
Brinztech offers phishing simulation defense, AiTM detection, and endpoint protection services tailored for enterprise environments. Contact us to learn how we can help safeguard your credentials and cloud sessions.
💬 Questions or Feedback?
Use our ‘Ask an Analyst’ feature for expert guidance. Brinztech does not validate external breach claims. For general inquiries or to report this post, email us at: contact@brinztech.com