October 3, 2023

A new phishing technique called browser-in-the-browser (BitB) attack can be used to simulate a browser window in the browser to spoof a legitimate domain, making it possible to launch persuasive phishing attacks. to feed.

The method uses third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google or Facebook, Apple, or Microsoft”, according to the researchers

Usually the default behavior is when a user tries to log in via these methods is greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code. to a completely made-up browser window.

Advertisements

By combining the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s basically indistinguishable . JavaScripts can be easily used to make the window appear on a link or a button click, on the page being loaded, etc.

This method makes it significantly easier to assemble effectively social engineering campaigns it is worth noting that potential victims should be redirected to a phishing domain that may display such a fake authentication window for credential collection.

“But once they land on the attacker’s website, the user will feel comfortable entering their credentials on what appears to be the legitimate website, Since the url is trusted ” added mrd0x_.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: