• About
  • Privacy Policy
  • Contact
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
No Result
View All Result
Home Artificial Intelligence

Phishing Technique Bypasses MFA With Microsoft Edge WebView2 Applications

TND Newsdesk by TND Newsdesk
June 28, 2022
in Artificial Intelligence, Security
0 0
0

Cybersecurity researcher mr.dox has developed a new phishing method that uses Microsoft Edge WebView2 applications to steal a user’s authentication cookies and log into stolen accounts, even if they are secured with MFA.

The new phishing technique, known as the WebView2-Cookie-Stealer consist of a WebView2 executable that opens the login of a legitimate website from inside the application.

Microsoft Edge WebView2 allows developers to embed a web browser directly into their native apps with Microsoft Edge. Microsoft Edge WebView2 allows apps to load any web page into a native application and make it look as if they have opened those applications in Microsoft Edge.

The new phishing POC opens the legitimate Microsoft login form using the embedded WebView2 control. It can be used to steal all cookies sent from the remote server after a user logs in, including authentication cookies.

For this purpose, the application creates a Chromium User Data folder at the first start and then uses this folder for each subsequent installation.

The attack also bypasses MFA, which are secured by OTPs or security keys. This is possible because the cookies are stolen after users have logged in and successfully solved the challenge of multifactor authentication.

The sources for this piece include an article in BleepingComputer.

Tags: Privacy & Securitysecurity strategies

Subscribe

About Tech News Day

In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.

About

Tech Newsday

Tech News Day picks the new, most relevant tech stories.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.

SUBSCRIBE

Categories

  • Artificial Intelligence
  • Auto Tech
  • Blockchain
  • Careers & Education
  • Channel Strategy
  • Cloud
  • Communications & Telecom
  • Companies
  • Data & Ananytics
  • Development
  • Digital Transformation
  • Distribution
  • Diversity & Inclusion
  • eCommerce
  • Emerging Tech
  • End User Hardware
  • Engineering
  • Financial
  • Fintech
  • Future of Work
  • Governance
  • Government & Public Sector
  • Human Resources
  • Infrastructure
  • IoT
  • Leadership
  • Legal
  • Legislation & Regulation
  • Managed Services & Outsourcing
  • Marketing
  • Martech
  • Medical
  • Mobility
  • Not for Profit
  • Open Source
  • Operations
  • People
  • Podcasts
  • Privacy
  • Security
  • Service
  • Smart Home
  • SMB
  • Social Networks
  • Software
  • Supply Chain
  • Sustainability
  • Today's News
  • Top Stories This Week
  • Women in Tech
  • Home
  • Today’s News
  • About
  • Privacy
  • Contact

2022 Tech News Day

No Result
View All Result
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News

2022 Tech News Day

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00