Hackers Can Use 'App Mode' in Chromium Browsers for Stealth Phishing Attacks

A newly demonstrated phishing technique shows that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."
Application Mode is designed to offer native-like experiences by launching the website in a separate browser window that displays the website's favicon and hides the address bar.
"Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.
This is achieved by setting up a phishing page with a fake address bar at the top, and configuring the --app parameter to point to the phishing site hosting the page.
On top of that, the attacker-controlled phishing site can make use of JavaScript to take more actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.
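Detection logic for the launch pattern described above, as an added example that is not from the original article: it flags Chromium browser processes started with --app= pointing at a URL outside an approved list. The event field names, browser list, allowlist and sample events are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import urlparse

# Chromium-based browser binaries to watch (assumed list; extend per fleet).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chrome", "chromium"}
# Hosts approved for app-mode shortcuts (hypothetical allowlist).
ALLOWED_APP_HOSTS = {"teams.microsoft.com", "intranet.example.com"}
# Matches --app=<url> or --app="<url>", but not --app-id=... used by installed PWAs.
APP_FLAG = re.compile(r'(?:^|\s)--app=(?:"([^"]*)"|(\S+))')


def classify(event):
    """Return (verdict, url) for one process-creation event dict."""
    exe = ntpath.basename(event["image"]).lower()
    match = APP_FLAG.search(event["command_line"])
    if exe not in BROWSERS or match is None:
        return ("ignore", None)
    url = match.group(1) if match.group(1) is not None else match.group(2)
    parsed = urlparse(url)
    # Only http(s) to an approved host passes; file:, data: and unknown hosts alert.
    if parsed.scheme in ("http", "https") and parsed.hostname in ALLOWED_APP_HOSTS:
        return ("allowed", url)
    return ("alert", url)


def scan(events):
    """Return the app-mode URLs that need analyst review."""
    return [url for verdict, url in map(classify, events) if verdict == "alert"]


# Constructed sample events; field names are assumptions modelled on process-creation logs.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --app=https://teams.microsoft.com/"},
    {"image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "command_line": 'msedge.exe --app="https://login.example-phish.test/o365"'},
    {"image": "/usr/bin/chromium",
     "command_line": "chromium --app=file:///tmp/login.html"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe https://news.example.com/"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe --app=https://login.example-phish.test/"},
]

if __name__ == "__main__":
    for url in scan(SAMPLE_EVENTS):
        print("ALERT app-mode launch:", url)
```

The allowlist is what keeps this usable in practice, since legitimate app-mode shortcuts use the same flag.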
The findings come as new findings from Trustwave SpiderLabs show that HTML smuggling attacks are a common occurrence, with.
News URL
https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html