Clever phishing method bypasses MFA using Microsoft WebView2 apps
A clever new phishing technique uses Microsoft Edge WebView2 applications to steal a victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA.
Microsoft Edge WebView2 allows you to embed a web browser, with full support for HTML, CSS, and JavaScript, directly in your native apps using Microsoft Edge as the rendering engine.
According to D0x, the proof-of-concept executable will open the legitimate Microsoft login form using the embedded WebView2 control.
"We can simply tell WebView2 to start the instance using this profile and upon launch extract all cookies and transfer them to the attacker's server."
What is more concerning is that this attack also bypasses MFA secured by OTPs or security keys, as the cookies are stolen after the user has logged in and successfully solved their multi-factor authentication challenge.
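Because the stolen cookie already represents a session that passed MFA, the defender's signal is the same session later appearing from a different client. The following is an added example, not code from the original article or from D0x: it flags such reuse in sign-in telemetry. The event fields, session identifiers, addresses and user agents are constructed assumptions, not a real log format.

```python
from collections import namedtuple

# Hypothetical sign-in/session telemetry record (field names are assumptions).
Event = namedtuple("Event", "ts session_id user ip user_agent mfa_completed")

# Constructed sample data; addresses come from documentation-only ranges.
SAMPLE_EVENTS = [
    Event("2022-01-01T09:00:00Z", "sess-A", "alice", "198.51.100.10", "Edge/102", True),
    Event("2022-01-01T09:05:00Z", "sess-A", "alice", "198.51.100.10", "Edge/102", False),
    Event("2022-01-01T09:20:00Z", "sess-A", "alice", "203.0.113.77", "OtherClient/1.0", False),
    Event("2022-01-01T10:00:00Z", "sess-B", "bob", "198.51.100.20", "Edge/102", True),
    Event("2022-01-01T10:30:00Z", "sess-B", "bob", "198.51.100.20", "Edge/102", False),
]


def find_replayed_sessions(events):
    """Flag sessions used by a client other than the one that completed MFA.

    Returns a list of (session_id, user, reason) tuples in time order.
    A changed IP alone can be benign (mobile networks, VPNs), so treat the
    result as a signal to investigate or to force re-authentication.
    """
    origin = {}   # session_id -> (ip, user_agent) seen when MFA was completed
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        client = (ev.ip, ev.user_agent)
        if ev.mfa_completed:
            origin[ev.session_id] = client
            continue
        bound = origin.get(ev.session_id)
        if bound is None:
            # Session cookie in use, but no MFA completion was ever recorded for it.
            alerts.append((ev.session_id, ev.user, "no MFA event for session"))
        elif client != bound:
            changed = [name for name, old, new
                       in zip(("ip", "user_agent"), bound, client) if old != new]
            alerts.append((ev.session_id, ev.user, "changed: " + ",".join(changed)))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```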