Security News > 2022 > October > Web browser app mode can be abused to make desktop phishing pages
A new phishing technique using Chrome's Application Mode feature allows threat actors to display local login forms that appear as desktop applications, making it easier to steal credentials.
Because desktop applications are generally harder to spoof, users are less likely to treat them with the same caution they reserve for browser windows that are more widely abused for phishing.
The potential for using Chrome's app mode in phishing attacks was demonstrated by researcher mr.
Chrome's application mode allows web developers to create web apps with a native desktop appearance suitable for ChromeOS or users who want to enjoy a clean, minimalist interface, like watching YouTube.
To conduct an attack using the technique, threat actors must first convince a user to run a Windows shortcut that launches a phishing URL using Chromium's App Mode feature.
The attack's potential is limited due to the requirement that Chromium app mode is launched locally on a device.