AiTM (Adversary-in-the-Middle)

Advanced phishing attacks that intercept the communication between a user and a legitimate service to steal not just passwords, but MFA session tokens.

Overview

As Multi-Factor Authentication (MFA) becomes standard, attackers have adapted with AiTM phishing. Instead of only hosting a fake login page, the attacker sets up a proxy server between the victim and the real site. When the victim logs in, the proxy forwards the credentials to the real site, prompts the user for their MFA code, and then steals the resulting authenticated session cookie. This completely bypasses MFA. PhiShark prevents AiTM by using Agentic AI to analyze infrastructure anomalies, reverse-proxy signatures, and domain mismatches, stopping these sophisticated attacks before the proxy connection can be established.
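Because the stolen session cookie is later presented by a different client than the one that completed MFA, session logs can be checked for that change. The following is an added example, not PhiShark's code or method; the event fields, the sample events, and the /24 and /48 network granularity are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample events, not real logs; field names are assumptions.
UA_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0"
UA_MAC = "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Safari/605.1"
EVENTS = [
    {"ts": 100, "sid": "s-alice", "event": "mfa_success", "ip": "198.51.100.23", "ua": UA_WIN},
    {"ts": 130, "sid": "s-alice", "event": "request", "ip": "198.51.100.40", "ua": UA_WIN},
    {"ts": 200, "sid": "s-bob", "event": "mfa_success", "ip": "203.0.113.7", "ua": UA_MAC},
    {"ts": 210, "sid": "s-bob", "event": "request", "ip": "203.0.113.7", "ua": UA_MAC},
    {"ts": 260, "sid": "s-bob", "event": "request", "ip": "192.0.2.55", "ua": "python-requests/2.31"},
    {"ts": 280, "sid": "s-carol", "event": "mfa_success", "ip": "198.51.100.200", "ua": UA_WIN},
    {"ts": 300, "sid": "s-carol", "event": "request", "ip": "192.0.2.9", "ua": UA_WIN},
]

def client_network(ip, v4_prefix=24, v6_prefix=48):
    """Coarse network for an address; prefix lengths are tunable assumptions."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_session_replay(events):
    """Flag requests whose session cookie arrives from a different client
    than the one that completed MFA for that session."""
    baseline = {}   # sid -> (network, user agent) seen at MFA completion
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["event"] == "mfa_success":
            baseline[e["sid"]] = (client_network(e["ip"]), e["ua"])
            continue
        if e["sid"] not in baseline:
            continue  # MFA happened outside the log window; nothing to compare
        net, ua = baseline[e["sid"]]
        reasons = []
        if ipaddress.ip_address(e["ip"]) not in net:
            reasons.append("network_changed")
        if e["ua"] != ua:
            reasons.append("user_agent_changed")
        if reasons:
            # One changed signal is common (roaming, browser update); both is stronger.
            severity = "high" if len(reasons) == 2 else "low"
            findings.append({"sid": e["sid"], "ts": e["ts"], "ip": e["ip"],
                             "reasons": reasons, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in find_session_replay(EVENTS):
        print(f)
```

In an AiTM login the service sees the proxy's address at MFA time, so this heuristic fires only when the cookie is then reused from somewhere other than the proxy; treat it as one signal among several.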

Real-World Examples

  • Evilginx2 or Modlishka proxy toolkits used in phishing campaigns
  • Stealing Microsoft 365 or Google Workspace session cookies
  • Bypassing SMS or Authenticator app MFA protections

Protect Against AiTM (Adversary-in-the-Middle)

PhiShark's agentic AI detects and analyzes threats in real time.
