Phishing Kit Lets Attackers Create Fake Chrome Browser Windows

Share post:

A new phishing kit called Evilginx can allow attackers to create a replica of login forms using a fake Chrome browser.

The attack creates fake browser windows within real browser Windows (Browser in the Browser) in a bid to make it more convincing.

The Browser in the Browser attack uses templates that imitate Chrome browser Windows. The templates were created by security researcher mr. d0x include those for Google Chrome, Windows, and Macs. The templates also offer dark and light mode variants.

Previously, threat actors can only create fake SSO windows using HTML, CSS, and JavaScript. Now, even wannabe cybercriminals can use the template to create a Chrome window to display single sign-on login forms for any online platform.

They can do that by downloading the templates and editing them to contain the desired URL and Window title. After that, they can use an iframe to display the login form.

It is also possible to add the HTML for the login form directly into the template. However, to do this, they will need to align the form properly using CSS and HTML.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on Booking.com compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways