Clever phishing method bypasses MFA using Microsoft WebView2 apps

A clever new phishing technique uses Microsoft Edge WebView2 applications to steal a victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA.
Microsoft Edge WebView2 to the rescue
Microsoft Edge WebView2 allows you to embed a web browser, with full support for HTML, CSS, and JavaScript, directly in your native apps using Microsoft Edge as the rendering engine.
According to D0x, the proof-of-concept executable will open the legitimate Microsoft login form using the embedded WebView2 control.
"We can simply tell WebView2 to start the instance using this profile and upon launch extract all cookies and transfer them to the attacker's server."
What is more concerning is that this attack also bypasses MFA secured by OTPs or security keys, as the cookies are stolen after the user has logged in and successfully solved their multi-factor authentication challenge.