TheHackerNews posted about an interesting technique where the attacker creates a fabricated web browser to spoof a legitimate domain. This can fool the untrained individual allowing for crazy effective phishing. The article can be found HERE.
Here is the first part of that article. It’s worth checking out and being aware of…..
A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.
According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).
While the default behavior when a user attempts to sign in via these methods is to be greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window.
See the rest of the article at New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable (thehackernews.com)
