Security News > 2022 > April > “Browser in the Browser” attacks: A devastating new phishing technique arises
Browser in the browser attacks consist of simulating a browser window within the browser to spoof a legitimate domain.
The principle is pretty straightforward: The user connects to a website, which in turn opens a new browser window that asks for Google, Apple, Microsoft or other third parties' credentials, to allow the user to log in.
Google's Threat Analysis Group reported a new attack campaign from known threat actor Ghostwriter.
The threat actor originates from Belarus and has deployed BITB attacks with the phishing pages being hosted by a compromised website.
We suspect a lot more threat actors will quickly adapt and use this new technique in their attack campaigns.
The best ways to avoid BITB attacks are actually the same as for usual phishing.
News URL
https://www.techrepublic.com/article/browser-in-the-browser-attacks-arise/
Related news
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)