Security News > 2022 > June > Clever phishing method bypasses MFA using Microsoft WebView2 apps
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA. Microsoft Edge WebView2 to the rescue.
Microsoft Edge WebView2 allows you to embed a web browser, with full support for HTML, CSS, and JavaScript, directly in your native apps using Microsoft Edge as the rendering engine.
D0x, the proof-of-concept executable will open the legitimate Microsoft login form using the embedded WebView2 control.
"We can simply tell WebView2 to start the instance using this profile and upon launch extract all cookies and transfer them to the attacker's server."
What is more concerning is that this attack also bypasses MFA secured by OTPs or security keys, as the cookies are stolen after the user logged in and successfully solved their multi-factor authentication challenge.
News URL
Related news
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)