Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11New phishing toolkit discovered that makes it easy to create fake Chrome browser windows
This fake window is designed to be extremely lifelike, and also comes with a series of login options familiar with Google, Microsoft, Apple, Twitter or even Steam. The example below shows the DropBox login form, allowing users to sign in with an Apple or Google account.
When you click the Login in Google or App button, a single sign-on (SSO) browser window will be displayed, prompting you to enter your credentials and proceed with your account login.
These windows are removed to show only the login form and a URL address bar of the login form.
Although the address bar is disabled in these SSO windows, you can still use the displayed URL to verify that a legitimate google.com domain is being used to log you into the site. The presence of this URL makes the form more trustworthy, and will make you feel comfortable, no doubt, when entering your login information.
In the past, threat actors have attempted to create these masquerade SSO windows using HTML, CSS, and JavaScript. But there's usually something slightly different about the windows, making them look suspicious rather than 'real' as in the case above.
Browser in the Browser Attack
The emergence of these fake browser windows leads to a new form of attack called "Browser in the Browser (BitB)". They use ready-made templates to create fake Chrome pop-ups, but are designed to look like the real thing, including custom URLs and address headers that can be used in phishing attacks.
Basically, BitB attack creates fake browser windows inside real browser windows (browser within browser), thereby helping to improve the persuasion of the phishing activity.
A security researcher with the nickname mr.d0x recently released examples of BitB attack samples (via GitHub). These include fake Chrome windows on both Windows and Mac, with variations in the appearance of dark and light backgrounds.
Malicious actors sometimes simply download templates, edit them to contain the desired URL and title, and then use an iframe to display the login form. Alternatively, it is also possible to add HTML for the login form directly. However, this process will require the hacker to know how to properly align the form using CSS and HTML.
Kuba Gretzky, the creator of the Evilginx phishing toolkit, tested the new method and showed how it works perfectly with the Evilginx platform. This means it can be adapted to steal 2FA keys in phishing attacks.
In fact, this is not a scam technique. In 2020, there have been many cases of fake game websites using the above technique to steal Steam login information.
Kareem WintersYou should read it
- Microsoft Edge is the best browser to prevent phishing
- [Infographic] How to recognize and prevent Phishing attacks
- GitHub is under strong phishing attack, users pay attention to account security
- Learn about the Adversary-in-the-Middle phishing attack method
- What is IPFS Phishing attack? How to avoid?
- [Infographic] 4 types of Phishing are easy to trap users
- J2TEAM Security - Essential security utility on Google Chrome
- UC Browser Android - lucrative bait for URL spoofing attacks
May be interested
- Specter V2 vulnerability re-appears to attack Intel, Arm CPUs, AMD chips are not affected
security research team vusec and intel have just released a notice of a dangerous remote execution vulnerability of the specter class, known as branch history injection or bhi. - Notorious botnet TrickBot stopped working, redirected to another form of malicious code that could be more dangeroustrickbot, one of the most active and damaging botnets ever recorded worldwide.
- NVIDIA suffered a cyber attack, massive damage estimatednvidia is the next big name to be targeted by hackers in 2022. according to a report from the telegraph, the us computer hardware maker seems to have suffered a serious attack, possibly affects the majority of its business worldwide.
- Ransomware is being used as bait in data destruction attacks targeting Ukraineinternational security researchers have issued a warning about a new type of data erasure malware that is currently being deployed in destructive attacks targeting ukraine's network infrastructure.
- Detecting botnets that can easily bypass Windows Defender and steal crypto wallet datathe sharp increase in the value of cryptocurrency transactions in the past few years has led to the trend of global online systems being attacked by botnets that steal virtual currency.
- Hackers break into chats on Microsoft Teams to spread malwareinternational security researchers have just warned about a relatively new form of attack related to the traditional enterprise application platform microsoft teams.
How to create a Chrome theme quickly
How to Fake IP on Chrome browser
What is Fake IP? Guide to the simplest Fake IP for Chrome
Microsoft Edge is the best browser to prevent phishing
Chrome and Firefox have a serious security flaw, there is no way to fix it