A new phishing kit called Evilginx can allow attackers to create a replica of login forms using a fake Chrome browser.
The attack creates fake browser windows within real browser Windows (Browser in the Browser) in a bid to make it more convincing.
The Browser in the Browser attack uses templates that imitate Chrome browser Windows. The templates were created by security researcher mr. d0x include those for Google Chrome, Windows, and Macs. The templates also offer dark and light mode variants.
Previously, threat actors can only create fake SSO windows using HTML, CSS, and JavaScript. Now, even wannabe cybercriminals can use the template to create a Chrome window to display single sign-on login forms for any online platform.
They can do that by downloading the templates and editing them to contain the desired URL and Window title. After that, they can use an iframe to display the login form.
It is also possible to add the HTML for the login form directly into the template. However, to do this, they will need to align the form properly using CSS and HTML.
For more information, read the original story in BleepingComputer.