A new browser-in-browser hack steals passwords. You won't recognize it

Security researcher @mrd0x has released templates on GitHub for a new type of phishing attack called Browser In The Browser (BITB). It lets attackers create realistic-looking pop-up windows to steal logins, passwords and more. This was reported by BleepingComputer.

The phishing kit published by @mrd0x is based on replacing the authorization window that appears after clicking a "log in with" button for a third-party service – Google, Microsoft, Apple and others (even Steam). Attackers have tried to imitate this authorization window before using HTML, CSS and JavaScript, but their forgeries did not look completely identical to the originals, so experienced users noticed the substitution.

The browser-in-browser phishing method shown by the researcher differs in that it uses highly realistic login windows that can easily be invoked from JavaScript. Like the original, they display a valid domain and a lock icon in the address bar – very few users will spot the subtle differences. Chrome window templates for Windows and macOS have been uploaded to GitHub in both light and dark themes.

Kuba Gretzky, the creator of Evilginx, tested the templates from @mrd0x and said that browser-in-browser phishing works well with his phishing method, and therefore it can be adapted to intercept two-factor authentication keys. @mrd0x himself said that the phishing he published cannot be called new – hackers used it back in 2020 to steal Steam profiles.

The CNews publication obtained a comment on this from Anastasia Melnikova, director of information security at SEQ. She confirmed that it is extremely difficult to protect against such phishing – you need to know about it in advance and repeatedly double-check the authenticity of any form before entering your data. One warning sign can come from password autofill tools (including those built into the browser): such software keys off the real page address rather than the one painted inside the fake window, so it will immediately identify the window as fake and will not fill in the user's data.
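As an added illustration, not code from the article or from @mrd0x's templates, the rule below shows why a password manager stays silent on a BITB page: it matches saved credentials against the document's real origin, never against the domain painted inside the fake window. The vault entries and URLs are constructed for the example.

```javascript
// Added example: a minimal origin-matching rule of the kind password
// managers apply before autofilling. A BITB page draws a fake window whose
// painted "address bar" reads accounts.google.com, but the document that
// actually contains the form lives on the attacker's origin.

// Constructed vault: credentials keyed by the origin they were saved on.
const vault = [
  { origin: "https://accounts.google.com", username: "alice@example.com" },
  { origin: "https://login.microsoftonline.com", username: "alice@example.com" },
];

// Normalise a page URL to its origin (scheme + host + port).
// Returns null for anything that is not an https URL, so plain-http
// look-alikes never qualify for autofill.
function canonicalOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return null; // unparsable URL: never fill
  }
  if (url.protocol !== "https:") return null;
  // url.origin drops userinfo and default ports, so
  // "https://accounts.google.com@attacker.example/" -> "https://attacker.example"
  return url.origin;
}

// Credentials eligible for autofill on a page: the real document origin
// must equal the origin the credential was saved on. Nothing the page
// paints (a fake address bar, a lock icon) is consulted, which is why
// autofill stays empty on a BITB page and acts as a warning sign.
function credentialsForPage(documentUrl, vault) {
  const origin = canonicalOrigin(documentUrl);
  if (origin === null) return [];
  return vault.filter((c) => c.origin === origin);
}

// Genuine Google sign-in page: one match.
// BITB page on attacker.example showing a fake Google window: no match.
console.log(credentialsForPage("https://accounts.google.com/signin", vault));
console.log(credentialsForPage("https://attacker.example/bitb.html", vault));
```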

Source: Trash Box
