EvilProxy: The Phishing Kit Turning Cybercrime into a Customer Service Experience
“Meet EvilProxy, the ‘LockBit of phishing’—a reverse-proxy kit that turns digital novices into phishing pros. With guides on using Cloudflare to disguise malicious traffic, even your grandma could launch a cyber attack! Proofpoint reports a million threats monthly, proving cybercrime has never been so convenient.”

Hot Take:
So, not only do we have to worry about sophisticated hackers, but now we also have to keep an eye out for “phishing-as-a-service”? Looks like even cybercriminals have embraced the gig economy. What’s next, ransomware subscriptions with loyalty points?
Key Points:
- EvilProxy is a reverse-proxy phishing kit, making it a popular “phishing-as-a-service” (PhaaS) tool.
- Cybercriminals are leveraging legitimate Cloudflare services to disguise their malicious activities.
- The tool has been in operation since at least mid-2022 and has seen increasing use.
- Proofpoint reports a significant rise in EvilProxy campaigns targeting C-Suite executives.
- Groups like TA4903 and TA577 have adopted EvilProxy for credential phishing and business email compromise (BEC).
Already a member? Log in here