Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication


Two-factor authentication (2FA) strengthens account security by requiring two distinct forms of identification before access to an account or service is granted.

Though 2FA reduces the risk of unauthorized access, it is not foolproof.


Recently, the security researchers at Cato CTRL identified that the threat actor ProKYC has been selling tools to bypass two-factor authentication.

ProKYC represents a sophisticated “deepfake” tool being marketed in “cybercriminal underground forums.” This toolkit is designed to evade two-factor authentication (2FA) and KYC verification systems used by cryptocurrency exchanges. 

The tool leverages advanced AI to generate both “forged government-issued documents” and “manipulated facial recognition videos,” which enables threat actors to create fake identities.


What makes ProKYC particularly concerning is its “dual-capability” system. 

It first produces high-quality fake documents (like “Australian passports”) with AI-generated faces complete with authentic-looking security features (“overlaid official stamps”).

Dark web shop selling counterfeit documents (Source – Cato CTRL)

Then it creates convincing deepfake videos that can pass dynamic facial recognition challenges requiring specific head movements. 

These fake identities facilitate new account fraud (“NAF”), which caused “$5.3 billion” in losses in 2023, up from “$3.9 billion” in 2022. 

The tool specifically targets “multi-factor authentication systems” that combine something you have (“ID documents”), something you know (“passwords”), and something you are (“biometric verification“). 

The report reads that, during the verification process, the ProKYC actors intercept and replace the genuine webcam input with pre-generated deepfake videos.

This helped them to successfully bypass the security measures on platforms like “ByBit exchange,” despite minor visual artifacts in the fake videos. 

Not only that, but this automated approach also represents a significant evolution from traditional document forgery: it enables the real-time creation of synthetic identities at the scale needed for large-scale “money laundering” operations and “mule account” creation.

Digital forensics experts point to several indicative markers of manipulated content when detecting deepfakes, such as abnormally high image resolution (typically exceeding 4K), abnormally high video frame rates (60+ FPS), and “inconsistencies in facial feature movements.”
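The three markers above can be turned into a first-pass screening rule over the metadata a liveness check already has: the submitted stream's resolution and frame rate, and the per-frame position of a tracked facial landmark. The following is an added illustration, not code from the Cato CTRL report or from any KYC vendor. The resolution and frame-rate thresholds come straight from the markers named in the article; the landmark-jump threshold (a nose-tip displacement of more than 8% of the frame width between consecutive frames) is an assumed value chosen for illustration, and the session records are constructed sample data.

```python
"""Heuristic screening of KYC liveness-video metadata for deepfake indicators.

Added example: flags a session when its stream looks unlike a consumer webcam
(resolution above 4K or frame rate of 60+ FPS, the markers named in the article)
or when a tracked facial landmark jumps implausibly between consecutive frames.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

# 4K UHD is 3840x2160; any stream with more pixels than that is flagged
# ("abnormally high resolution, typically exceeding 4K").
MAX_PLAUSIBLE_WEBCAM_PIXELS = 3840 * 2160
# "60+ FPS" marker from the article.
MIN_SUSPICIOUS_FPS = 60.0
# Assumed illustrative threshold: a landmark that moves more than this fraction
# of the frame width between two consecutive frames is treated as an
# inconsistency in facial feature movement.
MAX_LANDMARK_JUMP_FRACTION = 0.08


@dataclass
class LivenessSession:
    session_id: str
    width: int
    height: int
    fps: float
    # Per-frame (x, y) pixel position of one tracked landmark, e.g. the nose tip.
    nose_track: List[Tuple[float, float]]


def landmark_inconsistencies(track: List[Tuple[float, float]], width: int,
                             max_jump_fraction: float = MAX_LANDMARK_JUMP_FRACTION) -> int:
    """Count frame-to-frame jumps larger than the allowed fraction of frame width."""
    limit = width * max_jump_fraction
    jumps = 0
    for (x0, y0), (x1, y1) in zip(track, track[1:]):
        if math.hypot(x1 - x0, y1 - y0) > limit:
            jumps += 1
    return jumps


def screen_session(s: LivenessSession) -> List[str]:
    """Return a list of human-readable findings; an empty list means no marker fired."""
    findings: List[str] = []
    if s.width * s.height > MAX_PLAUSIBLE_WEBCAM_PIXELS:
        findings.append(f"resolution {s.width}x{s.height} exceeds 4K")
    if s.fps >= MIN_SUSPICIOUS_FPS:
        findings.append(f"frame rate {s.fps:g} fps is 60+")
    jumps = landmark_inconsistencies(s.nose_track, s.width)
    if jumps:
        findings.append(f"{jumps} implausible landmark jump(s) between frames")
    return findings


def screen_all(sessions: List[LivenessSession]) -> Dict[str, List[str]]:
    """Screen every session and map session_id -> findings."""
    return {s.session_id: screen_session(s) for s in sessions}


# Constructed sample sessions (not real captures).
SAMPLE_SESSIONS = [
    # Ordinary 720p webcam at 30 fps with a smoothly moving nose tip.
    LivenessSession("genuine-720p", 1280, 720, 30.0,
                    [(640, 360), (645, 362), (650, 365), (656, 368)]),
    # 8K stream at 60 fps: both stream-quality markers fire.
    LivenessSession("8k-60fps", 7680, 4320, 60.0,
                    [(3840, 2160), (3845, 2162), (3850, 2165)]),
    # Plausible 1080p/30 fps stream, but the nose tip teleports 335 px in one frame.
    LivenessSession("landmark-jump", 1920, 1080, 30.0,
                    [(960, 540), (965, 542), (1300, 545), (1305, 547)]),
]

if __name__ == "__main__":
    for sid, findings in screen_all(SAMPLE_SESSIONS).items():
        verdict = "REVIEW" if findings else "ok"
        print(f"{sid}: {verdict} {findings}")
```

These are indicators, not proof: a high-end camera can legitimately exceed the thresholds, so a hit should route the session to step-up verification or manual review rather than reject it outright, and the thresholds should be tuned against the population of genuine devices the service actually sees.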

To combat these evolving threats, organizations are implementing multi-layered security approaches (“HUMINT gathering,” “OSINT monitoring,” and “advanced threat detection systems that employ ML algorithms”). 

These systems analyze ‘behavioral biometrics,’ ‘device fingerprinting,’ and ‘network pattern analysis’ to identify potential security breaches. 

Moreover, organizations are also incorporating ‘Zero Trust Architecture principles,’ while maintaining robust “SIEM” systems to monitor and respond to suspicious activities in real time.
