How Attackers Bypass MFA: Adversary-in-the-Middle, MFA-Fatigue, and Token Theft
Multi-Factor Authentication (MFA) was long considered the silver bullet against account compromise. But attackers have caught up: Adversary-in-the-Middle proxies relay the login in real time and capture the session cookie issued after the second factor, MFA-fatigue attacks harass users until they give in, and session token theft makes the second factor irrelevant because it was already satisfied. MFA remains important, but it is no longer enough on its own.
TL;DR
- AiTM proxies (Evilginx, Modlishka) relay credentials and MFA codes in real time and capture the resulting session cookie
- MFA-fatigue: The Uber hack of 2022 succeeded through push-bombing
- Session token theft via infostealers bypasses MFA entirely
- FIDO2/passkeys are the practical phishing-resistant standard: the credential is bound to the site's origin, so a proxy on another domain gets nothing usable
Adversary-in-the-Middle: The Invisible Proxy
AiTM attacks insert a reverse proxy between the user and the legitimate login page. The user sees the real login page, served through the proxy from a look-alike domain, enters credentials and MFA code, and the proxy forwards everything to the real service. The service completes MFA and sets a session cookie, which the proxy captures. The attacker now has an authenticated session without ever possessing the second factor.
Tools like Evilginx2 make such attacks alarmingly simple: a convincing phishing domain with a valid TLS certificate, a configured phishlet for the target service, and the victim's session cookie lands in the attacker's console. Microsoft reported in 2023 that over 10,000 organizations were affected by AiTM campaigns.
MFA-Fatigue: The Human Factor
In the Uber hack of 2022, the attacker bombarded a contractor with MFA push notifications, hundreds in a short period. The contractor's password had most likely been obtained beforehand from an infostealer on a personal device, which is why the second factor was the only remaining obstacle. Eventually, the victim tapped "Approve" to stop the barrage. Once was enough.
MFA-fatigue works because classic push-based MFA only asks the user "Was that you?" without any context. Countermeasures: number matching (the user must enter a number shown on the login page into the app), showing location and application in the prompt, rate limiting of push prompts per user, and anomaly-based alerts for bursts of denied or expired MFA requests, especially when a success follows such a burst.
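The last countermeasure above, detection of a push burst followed by an approval, can be implemented in a few dozen lines. The script below is an added example for this article, not code from the page or from any vendor. The sign-in events it runs over are constructed in the shape of Entra ID sign-in logs (one JSON object per line); the flat field names are an assumption, not an export format. Error code 500121 is the Entra ID code for a failed strong-authentication request (a declined or expired push), 0 is success.

```python
"""Flag MFA push-bombing in sign-in logs.

Added example for the MFA-fatigue section; not code from the article.
The log lines below are CONSTRUCTED to look like Entra ID sign-in events
(one JSON object per line). Field names are assumptions. Error code
500121 = strong authentication request failed (push declined/expired).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

MFA_FAILED = 500121
SUCCESS = 0

# Constructed sample: alice receives seven pushes in eight minutes and then
# approves one; bob has two failures half an hour apart; carol is normal.
SAMPLE_LOG = """\
{"ts": "2024-03-05T08:00:10Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:01:05Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:02:30Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:03:12Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:04:40Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:06:02Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:07:55Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 500121}
{"ts": "2024-03-05T08:08:40Z", "user": "alice@example.com", "ip": "203.0.113.7", "errorCode": 0}
{"ts": "2024-03-05T08:00:00Z", "user": "bob@example.com", "ip": "198.51.100.4", "errorCode": 500121}
{"ts": "2024-03-05T08:30:00Z", "user": "bob@example.com", "ip": "198.51.100.4", "errorCode": 500121}
{"ts": "2024-03-05T08:31:00Z", "user": "bob@example.com", "ip": "198.51.100.4", "errorCode": 0}
{"ts": "2024-03-05T09:00:00Z", "user": "carol@example.com", "ip": "198.51.100.9", "errorCode": 0}
"""


def parse_events(text):
    """Parse one JSON event per line and convert timestamps to datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def find_push_bombing(events, window_minutes=10, threshold=5):
    """Return per-user alerts for >= threshold MFA failures inside a sliding
    window, and record whether a success arrived while the burst was open.
    That success is the signal that matters: the user gave in."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    alerts = {}
    for user, user_events in by_user.items():
        recent = []  # timestamps of failures still inside the window
        for event in sorted(user_events, key=lambda e: e["ts"]):
            recent = [t for t in recent if event["ts"] - t <= window]
            if event["errorCode"] == MFA_FAILED:
                recent.append(event["ts"])
                if len(recent) >= threshold:
                    alert = alerts.setdefault(user, {
                        "failures": 0, "approved_after_burst": False,
                        "request_ip": event["ip"]})
                    alert["failures"] = max(alert["failures"], len(recent))
            elif event["errorCode"] == SUCCESS and len(recent) >= threshold:
                alert = alerts.setdefault(user, {
                    "failures": len(recent), "request_ip": event["ip"]})
                alert["approved_after_burst"] = True
                alert["approving_ip"] = event["ip"]
    return alerts


def run_demo():
    return find_push_bombing(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for user, alert in run_demo().items():
        print(user, alert)
```

In a real pipeline the same logic runs over the `status.errorCode` field of exported sign-in logs, and an alert with `approved_after_burst` set should trigger immediate session revocation and a password reset, not just a ticket.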
Session Token Theft: Bypassing MFA Without Targeting It
Infostealer malware (Raccoon, RedLine, Vidar) steals browser cookies and session tokens directly from the device. With a valid session cookie, the attacker can take over the session from their own infrastructure: MFA was already passed during the victim's login and is no longer consulted.
The result: authenticated sessions are traded on dark web marketplaces, and a valid session token for a corporate M365 account costs less than 10 USD. Mitigations: binding tokens to the device (Microsoft Entra Token Protection, browser device-bound session credentials), Conditional Access that requires a compliant device, short session lifetimes with re-authentication for sensitive actions, revoking all sessions on suspicion, and endpoint detection for the infostealer itself. The same mitigations apply to cookies captured by an AiTM proxy, since those too are replayed from a machine other than the one the user logged in on.
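Both a cookie stolen by an infostealer and a cookie captured by an AiTM proxy share one tell: the session is used from a different network and client than the one that established it. The script below is an added example for the AiTM and token-theft sections of this article, not code from the page or any product. It runs over constructed access-log events in the shape a web front-end or identity proxy could emit; the field names and the ASN values are assumptions, and ASN lookup is assumed to have happened upstream. The cookie value is hashed before logging, because the raw cookie must never land in a log.

```python
"""Flag a session cookie replayed from a different network or client.

Added example for the AiTM and session-token-theft sections; not code
from the article. Events are CONSTRUCTED; field names and ASNs are
assumptions. Only a SHA-256 prefix of the cookie is logged.
"""
import hashlib
import json


def session_key(cookie_value):
    """Log-safe identifier for a session: hash prefix, never the cookie."""
    return hashlib.sha256(cookie_value.encode()).hexdigest()[:16]


# Constructed events: (timestamp, user, ASN of client IP, user agent, cookie).
# alice logs in from ASN 3320 on Windows; 40 minutes later the same cookie is
# used from a hosting ASN on Linux. bob's session stays on one device.
RAW_EVENTS = [
    ("2024-03-05T09:00:00Z", "alice@example.com", "3320", "Chrome/122 Windows", "sess-alice-7f3a"),
    ("2024-03-05T09:04:12Z", "alice@example.com", "3320", "Chrome/122 Windows", "sess-alice-7f3a"),
    ("2024-03-05T09:40:51Z", "alice@example.com", "14061", "Chrome/121 Linux", "sess-alice-7f3a"),
    ("2024-03-05T09:01:00Z", "bob@example.com", "3209", "Safari/17 macOS", "sess-bob-21c9"),
    ("2024-03-05T09:35:00Z", "bob@example.com", "3209", "Safari/17 macOS", "sess-bob-21c9"),
]


def log_lines(raw_events):
    """What the front-end writes: one JSON line per request, cookie hashed."""
    return [json.dumps({"ts": ts, "user": user, "asn": asn, "ua": ua,
                        "session": session_key(cookie)})
            for ts, user, asn, ua, cookie in raw_events]


def find_session_drift(events):
    """Compare every request against the properties seen when the session
    first appeared. A change of ASN or user agent on the same session is
    what cookie replay from attacker infrastructure looks like."""
    first_seen = {}
    alerts = []
    for event in sorted(events, key=lambda e: e["ts"]):
        first = first_seen.setdefault(event["session"], event)
        if first is event:
            continue
        reasons = []
        if event["asn"] != first["asn"]:
            reasons.append(f"ASN {first['asn']} -> {event['asn']}")
        if event["ua"] != first["ua"]:
            reasons.append(f"user agent '{first['ua']}' -> '{event['ua']}'")
        if reasons:
            alerts.append({"session": event["session"], "user": event["user"],
                           "ts": event["ts"], "reasons": reasons})
    return alerts


def run_demo():
    events = [json.loads(line) for line in log_lines(RAW_EVENTS)]
    return find_session_drift(events)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert["user"], alert["session"], "; ".join(alert["reasons"]))
```

A network change alone is a weak signal on mobile clients, so treat a hit as a trigger for step-up authentication or session revocation rather than a hard block, and combine it with device compliance: if the session was established from a managed device, a request from an unmanaged one should not be served at all.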
The Solution: FIDO2 and Phishing-Resistant MFA
FIDO2-based authentication (hardware keys, passkeys) resists AiTM attacks by design: the credential is scoped to the relying party's domain, the browser writes the page's origin into the signed client data, and the browser refuses to use the credential at all from a domain that does not match. A proxy on another domain therefore gets no signature the real site would accept. Push-bombing is also excluded, because there is no remote approval prompt: the user must physically touch a key or confirm biometrically on the device that is performing the login.
Google reports that since the FIDO2 mandate for all employees (2017), there have been zero successful phishing attacks on employee accounts. The technology works; the challenge is adoption in the enterprise context. One caveat: FIDO2 protects the login, not the session. A cookie stolen by an infostealer after a passkey login is just as usable as one stolen after an SMS code, so device-bound tokens and device compliance remain necessary alongside it.
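To make the origin binding concrete, the following is a simplified model of the checks a WebAuthn relying party performs on an assertion. It is an added example for this article, not code from the page or from any FIDO implementation, and it assumes illustrative domain names. One simplification is labelled in the code: the per-credential key is an HMAC-SHA256 stand-in for the authenticator's ECDSA key pair, so the file runs with only the standard library; in the real protocol the relying party holds a public key and verifies an asymmetric signature. What is signed (authenticator data plus the hash of the client data) and what is checked (type, challenge, origin, RP ID hash, user presence) follow the WebAuthn assertion flow.

```python
"""Model of the WebAuthn assertion checks that make FIDO2 resist AiTM.

Added example for the FIDO2 section; not code from the article or from
any FIDO library. STAND-IN: HMAC-SHA256 replaces the ECDSA key pair so
this runs without third-party packages. Domain names are assumptions.
"""
import base64
import hashlib
import hmac
import json
import os

RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example.com.evil.test"   # the AiTM proxy


def sha256(data):
    return hashlib.sha256(data).digest()


class Authenticator:
    """A security key: each credential is scoped to the RP ID it was made for."""

    def __init__(self):
        self.creds = {}  # credential id -> (rp_id, secret key)

    def make_credential(self, rp_id):
        cred_id = os.urandom(16)
        self.creds[cred_id] = (rp_id, os.urandom(32))
        return cred_id

    def get_assertion(self, cred_id, rp_id, client_data):
        stored_rp_id, key = self.creds[cred_id]
        if stored_rp_id != rp_id:
            raise KeyError("no credential for this RP ID")
        # authenticatorData = rpIdHash (32 bytes) | flags (UP = 0x01) | signCount
        auth_data = sha256(rp_id.encode()) + b"\x01" + (1).to_bytes(4, "big")
        sig = hmac.new(key, auth_data + sha256(client_data), hashlib.sha256).digest()
        return auth_data, sig


def browser_get(authenticator, cred_id, page_origin, rp_id, challenge):
    """What the browser does for navigator.credentials.get()."""
    host = page_origin.split("://", 1)[1]
    # The RP ID must be the page's host or a registrable suffix of it, so a
    # page on the proxy's domain cannot even ask for the real credential.
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError("SecurityError: rpId does not match page origin")
    # The browser, not the page, writes the origin into clientDataJSON.
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    auth_data, sig = authenticator.get_assertion(cred_id, rp_id, client_data)
    return client_data, auth_data, sig


class RelyingParty:
    def __init__(self):
        self.keys = {}  # credential id -> verification key (a public key in reality)

    def register(self, cred_id, key):
        self.keys[cred_id] = key

    def new_challenge(self):
        return base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()

    def verify(self, cred_id, challenge, client_data, auth_data, sig):
        cd = json.loads(client_data)
        if cd.get("type") != "webauthn.get":
            return False, "type mismatch"
        if cd.get("challenge") != challenge:
            return False, "challenge mismatch (replay)"
        if cd.get("origin") != RP_ORIGIN:
            return False, "origin mismatch"          # this check defeats AiTM
        if auth_data[:32] != sha256(RP_ID.encode()):
            return False, "rpIdHash mismatch"
        if not auth_data[32] & 0x01:
            return False, "user presence flag not set"
        expected = hmac.new(self.keys[cred_id], auth_data + sha256(client_data),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        return True, "ok"


def run_scenarios():
    auth, rp = Authenticator(), RelyingParty()
    cred_id = auth.make_credential(RP_ID)
    rp.register(cred_id, auth.creds[cred_id][1])  # stand-in for public-key registration
    results = {}

    # 1. Legitimate login from the real origin.
    ch = rp.new_challenge()
    results["legit"] = rp.verify(cred_id, ch, *browser_get(auth, cred_id, RP_ORIGIN, RP_ID, ch))

    # 2. AiTM: the proxy relays the real challenge and RP ID, but the page
    #    origin is the phishing domain, so the browser refuses outright.
    ch = rp.new_challenge()
    try:
        browser_get(auth, cred_id, PHISH_ORIGIN, RP_ID, ch)
        results["aitm_browser"] = "assertion produced"
    except ValueError as exc:
        results["aitm_browser"] = str(exc)

    # 3. Even if the browser check were bypassed, the signed origin betrays the proxy.
    client_data = json.dumps({"type": "webauthn.get", "challenge": ch,
                              "origin": PHISH_ORIGIN}).encode()
    auth_data, sig = auth.get_assertion(cred_id, RP_ID, client_data)
    results["aitm_forced"] = rp.verify(cred_id, ch, client_data, auth_data, sig)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Scenario 3 is the important one for readers evaluating the claim: the signature itself is valid, the challenge is fresh, yet the assertion is rejected purely because the origin the browser embedded is not the relying party's. No amount of proxying changes what the browser writes there.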
Key Facts
AiTM Campaigns: Over 10,000 affected organizations in 2023 (Microsoft)
Session Token Price: Less than 10 USD on dark web marketplaces
FIDO2 at Google: 0 successful phishing attacks since introduction in 2017
Frequently Asked Questions
Should I disable MFA if it can be bypassed?
Absolutely not. MFA still blocks over 99 percent of automated credential attacks. The mentioned bypass techniques require targeted effort. MFA remains mandatory – but should be supplemented with phishing-resistant methods (FIDO2).
What is Number Matching in MFA?
Instead of just "Approve/Reject," the login page displays a short number (two digits in Microsoft Authenticator, three in Duo's Verified Push). The user must enter the same number in the authenticator app, which they can only do if they are looking at the login screen. This prevents blind approval in MFA-fatigue attacks. Microsoft and Duo offer number matching natively.
Does a VPN protect against AiTM attacks?
No, not by itself. AiTM attacks target cloud services (M365, Google Workspace) that are used directly via the browser, and the phishing page is reached over the ordinary internet whether or not a VPN is up. A VPN only helps indirectly: if Conditional Access restricts sign-ins to your VPN's egress addresses, a cookie replayed from the attacker's infrastructure is blocked at the next token refresh. Real protection lies in phishing-resistant authentication and Conditional Access policies that check device compliance.