An evil twin access point as described in a Network World article is a
Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.
In reality, if the goal is to just eavesdrop, then the attacker doesn’t need a evil twin access point. Sniffing wireless traffic can be done passively using free tools and the users of the wireless network would never know.
Evil twin access points are more likely to exist when the attacker is planning a more sophisticated attack such as a MITM implementation examples from Wikipedia below.
dsniff – A tool for SSL MITM attacks
Ettercap – A tool for LAN based MITM attacks
Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
AirJack – A tool that demonstrates 802.11 based MITM attacks