Home > Cyber News > New Browser-in-the-Browser Technique Makes Phishing Indistinguishable
CYBER NEWS

New Browser-in-the-Browser Technique Makes Phishing Indistinguishable

by   |  Last Update:  |  0 Comments  

New Browser-in-the-Browser Technique Makes Phishing Indistinguishable
Browser-in-the-browser (BitB) is a new type of attack that can be leveraged to simulate a browser window within the browser to spoof a legitimate domain. The technique can be used to perform credible phishing attacks.

Browser-in-the-Browser Phishing Technique Explained

Discovered by a penetration tester known as mr. d0x, the technique leverages third-party single sign options typically embedded on websites, such as Sign in with Facebook or Google.

“Quite often when we authenticate to a website via Google, Microsoft, Apple etc. we’re provided a pop-up window that asks us to authenticate,” mr. d0x said. The BitB attack aims to replicate this process by using a combination of HTML and CSS code, creating a bogus but believable browser window. He combined the window design with an iframe pointing to the malicious server that hosts the malicious page. The result is “basically indistinguishable”.




“JavaScript can be easily used to make the window appear on a link or button click, on the page loading etc. And of course you can make the window appear in a visually appealing manner through animations available in libraries such as JQuery,” he added.

The researcher has created templates for Windows and macOS for the Chrome browser in both Light and Dark mode. This technique significantly improves phishing schemes, making them very difficult to detect. The targeted user only needs to land on the fabricated site for the pop-up window to be displayed to reveal their credentials.

Learn more about the technique from the original technical write-up.

Last year, phishing operators created specific obfuscation technique that uses Morse code to conceal malicious URLs within an email attachment. This is perhaps the first case of threat actors utilizing Morse code in such a way.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Novel Phishing Technique Uses Morse Code to Conceal Malicious URLs Phishing operators have created a new obfuscation technique that uses...
  2. Which Are The Most Secure Smartphones PRICE TOTAL SCORE OS VPN ENCRYPTION TRACK BLOCK FINGERPRINT 1...
  3. Microsoft and Google’s Cloud Infrastructure Abused by Hackers in Phishing Emails The adoption of cloud collaboration tools in organizations has increased,...
  4. How to Remove Phishing Scams in 2021 This article has been created in order to help you...
  5. Hackers Use Open Redirect Links to Bypass Detection in Phishing Operation Microsoft researchers detected a new phishing campaign leveraging open redirector...
  6. The Most Secure Smartwatches List This is a comprehensive Top 10 list that summarizes the...
  7. Phishing Kit Uses Novel URI Fragmentation Technique in Pre-Holiday Campaigns Phishing continues to be a highly dangerous online threat, as...
  8. Process Ghosting: The Latest Malware Evasion Technique Security researchers discovered a new malicious technique that helps malware...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree