Home / About / Threat Intelligence / Browser in Browser technique makes phishing sites more convincing

Overview

A new phishing kit has been published to GitHub which makes it easier to spoof login pages.
The Browser in Browser technique uses HTML and CSS to create a fake URL bar which can trick even careful users.

Impact

Phishing sites using this template can create SSO pop-up windows which appear to be legitimate.

Affected Products

The phishing kit has templates for Chrome on Windows and MacOS.
The technique itself could be used in other browsers.

Containment, Mitigations & Remediations

The victim would need to navigate to a malicious phishing site for the pop-up to display.
The usual anti-phishing protections which prevent users from accessing malicious sites are still effective.

Indicators of Compromise

SVG files contained in the phish kit:
AE9CD11B7615DED2CE4AA11D21B034B5F9707AA6CB27D46596947903CCB92247
3B439667B653B07D8EEC20A02B2C7CB25E4EB2A91ACDBDB61F28F9163237067D

Threat Landscape

Phishing is the most common type of cyber-attack and criminals are constantly looking for ways to improve the successfulness of their attacks. This technique does that, while its incorporation into a toolkit places this mechanism of attack easily into the capability and realms of novices.

Mitre Methodologies

T1566.002 – Phishing: Spearphishing Link

Further Information

Browser In The Browser (BITB) Attack

mrd0x/BITB – GitHub