Security News > 2022 > March > New Phishing toolkit lets anyone create fake Chrome browser windows
A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows.
Threat actors have attempted to create these fake SSO windows using HTML, CSS, and JavaScript in the past, but there is usually something a little off about the windows, making them look suspicious.
This is where a new "Browser in the Browser Attack" comes into play that uses premade templates to create fake but realistic, Chrome popup windows that includes custom address URLs and titles that can be used in phishing attacks.
Basically, this attack creates fake browser windows within real browser windows to create convincing phishing attacks.
Now that premade templates for fake Chrome windows are available, redteamers can use them to create convincing phishing sign-in forms to test the defense of their clients or their own company's employees.
For those who wish to try out the new Browser in the Browser phishing attack, you can grab the templates from GitHub.
News URL
Related news
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 (source)
- Arc browser’s Windows launch targeted by Google ads malvertising (source)
- Phishing emails abuse Windows search protocol to push malicious scripts (source)