“Browser in the Browser” attacks: A devastating new phishing technique arises (Security News, April 2022)
Browser-in-the-browser (BITB) attacks consist of simulating a browser window within the browser to spoof a legitimate domain.
The principle is pretty straightforward: The user connects to a website, which in turn opens a new browser window that asks for Google, Apple, Microsoft or other third parties' credentials, to allow the user to log in.
Google's Threat Analysis Group reported a new attack campaign from known threat actor Ghostwriter.
The threat actor originates from Belarus and has deployed BITB attacks, with the phishing pages hosted on a compromised website.
We suspect a lot more threat actors will quickly adapt and use this new technique in their attack campaigns.
The best ways to avoid BITB attacks are actually the same as for usual phishing.
News URL
https://www.techrepublic.com/article/browser-in-the-browser-attacks-arise/