HTML attachments are still one of the most prevalent files used in phishing scams in 2022, indicating that the method continues to be successful against spam detection software and works well on the targets themselves. Meanwhile, Google is gradually discontinuing support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies, and the feature is likely to be completely phased out in Chrome 109 or later for Windows, macOS, and Linux.

However, the effectiveness of the attack is conditional on the attacker already having access to the target’s device. The method works on other operating systems besides Windows, including macOS and Linux, making it a possible cross-platform threat. Moreover, the attacker-controlled phishing site can use JavaScript to perform additional activities, such as instantly closing the window when the user inputs the credentials or resizing and positioning it to accomplish the desired impact. You can deliver these fake applications independently as files.

As The Hacker News explained, this is accomplished by creating a phishing page with a false address bar at the top and configuring the --app parameter to point to the phishing site hosting the page. However, according to mr.d0x, a security researcher who also discovered the Browser-in-the-Browser (BitB) Attack method earlier this year, a bad actor can use this behavior to display a false address bar on top of the window and trick users into providing their credentials on rogue login forms.

Although this technique is geared more toward internal phishing, you can technically still use it in an external phishing scenario.
Chromium-based web browsers’ Application Mode capability may be misused by threat actors to create ‘realistic desktop phishing programs’ as part of a new phishing tactic.

Application Mode is designed to provide native-like experiences by launching the website in a separate browser window, showing the website’s favicon, and hiding the address bar.
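
Because the technique depends on a Chromium-based browser being started with the --app parameter, process-creation logs are a natural place to look for it. The following is an added example, not code from the article or from the researcher: it triages command lines and flags Application Mode launches whose target is not an approved host. The browser name list, the allowlisted host and the sample command lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Chromium-family process names (assumed list; extend it for your fleet).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chrome", "chromium",
            "google chrome"}
# Hosts the organisation deliberately opens in Application Mode (hypothetical).
ALLOWED_APP_HOSTS = {"intranet.example.com"}

# Matches --app=<target> but not --app-id=<id>, which installed web apps use.
APP_RE = re.compile(r'(?:^|\s)--app=(?:"([^"]+)"|(\S+))')

def classify(cmdline):
    """Return (target, verdict) for a browser started with --app=, else None."""
    exe = cmdline.split(" --", 1)[0].strip().strip('"')
    name = re.split(r"[\\/]", exe)[-1].lower()
    match = APP_RE.search(cmdline)
    if name not in BROWSERS or not match:
        return None
    target = match.group(1) or match.group(2)
    url = urlparse(target)
    if url.scheme not in ("http", "https"):
        return target, "non-http"       # local HTML file, data: URL, ...
    if url.scheme == "https" and url.hostname in ALLOWED_APP_HOSTS:
        return target, "allowed"
    return target, "external-url"

# Constructed process-creation command lines (not taken from the article).
SAMPLE_EVENTS = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://login.example.net/sso',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --app-id=constructedappid',
    '/usr/bin/chromium --app=file:///tmp/login.html',
    '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --app=https://intranet.example.com/',
    r'"C:\Windows\System32\notepad.exe" --app=https://login.example.net/sso',
]

def triage(events):
    """Return the (cmdline, target, verdict) rows an analyst should review."""
    rows = []
    for line in events:
        result = classify(line)
        if result and result[1] != "allowed":
            rows.append((line, *result))
    return rows

if __name__ == "__main__":
    for cmdline, target, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:12} {target}  <-  {cmdline}")
```

A hit is a lead for review rather than proof of phishing, since --app also has legitimate uses such as kiosk setups and internal shortcuts.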