eBook

Modern Threat Hunting

Modern Threat Hunting

10 Practical Steps to Outsmart Adversaries

10 Practical Steps to Outsmart Adversaries

A Hands-On Guide Using Hunt.io’s Threat Intelligence Platform

Get the Free eBook

Get the Free eBook

evilgophish

evilgophish

evilgophish

Evilgophish is an open-source phishing toolkit that combines two powerful tools: Evilginx2 and GoPhish. GoPhish handles sending out phishing emails, tracking email opens and campaign stats, while Evilginx2 takes over for landing pages and 2FA/MFA. Phishing links from GoPhish point to Evilginx2’s lure paths so even when 2FA is in place, attackers can still capture tokens and cookies. Real-time alerts notify the operator when data is submitted and they can quickly switch to the Evilginx2 terminal to get the full JSON of captured credentials.

Key Insights

Key Insights

EvilGophish uses the strengths of both Evilginx2 and GoPhish. GoPhish manages the email part by sending messages, tracking email engagement, and providing campaign stats in a dashboard. Evilginx2 creates convincing landing pages that bypass 2FA, both systems working together to make a strong phishing operation.

Real-Time Notifications

One of the best features of Evilgophish is real-time data capture. As soon as a victim submits their credentials, the system alerts the operator. This way, the operator can act fast to get the full set of captured tokens and cookies before any countermeasures can interrupt the session.

Streamlined Workflow

The workflow with Evilgophish is designed to be efficient. Operators set up their phishing campaigns with GoPhish, craft their emails, and monitor stats from a dashboard. Evilginx2 handles the complex task of bypassing multi-factor authentication. Operators need to switch to the Evilginx2 terminal to get the detailed data, but the overall process is designed to maximize the attack’s success.

Known Variants

Known Variants

No specific variants for Evilgophish as it’s a combination of two open-source tools. Since it’s open, many threat actors customize the setup to fit their needs.

No specific variants for Evilgophish as it’s a combination of two open-source tools. Since it’s open, many threat actors customize the setup to fit their needs.

Mitigation Strategies

Mitigation Strategies

  • Update your email filtering and phishing detection systems.

  • Educate users to recognize and report phishing attempts.

  • Implement multi-factor authentication that uses hardware tokens or biometric data.

  • Monitor for unusual authentication and data submission.

Targeted Industries or Sectors

Targeted Industries or Sectors

Evilgophish is used in phishing campaigns against multiple industries. It’s very effective against organizations that have strong login processes like financial institutions, tech companies and social media platforms.

Evilgophish is used in phishing campaigns against multiple industries. It’s very effective against organizations that have strong login processes like financial institutions, tech companies and social media platforms.

Associated Threat Actors

Associated Threat Actors

Since it’s open-source Evilgophish is used by many cybercriminals. There is no specific group behind its use; it’s used by financially motivated attackers and phishing operators who need a tool to bypass 2FA and get credentials.

Since it’s open-source Evilgophish is used by many cybercriminals. There is no specific group behind its use; it’s used by financially motivated attackers and phishing operators who need a tool to bypass 2FA and get credentials.

References

    Related Posts:

    GoPhish Infrastructure Targets Polish Energy and Government
    Apr 10, 2025

    GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

    GoPhish Infrastructure Targets Polish Energy and Government
    Apr 10, 2025

    GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

    GoPhish Infrastructure Targets Polish Energy and Government
    Apr 10, 2025

    GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains
    Aug 13, 2024

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains
    Aug 13, 2024

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains
    Aug 13, 2024

    EvilGophish Unhooked: Insights Into the Infrastructure and Notable Domains

    Phish No More: A Hunt.io Guide to Gophish Detection
    Oct 12, 2023

    Phish No More: A Hunt.io Guide to Gophish Detection

    Phish No More: A Hunt.io Guide to Gophish Detection
    Oct 12, 2023

    Phish No More: A Hunt.io Guide to Gophish Detection

    Phish No More: A Hunt.io Guide to Gophish Detection
    Oct 12, 2023

    Phish No More: A Hunt.io Guide to Gophish Detection