Get in Touch
Please get in touch using the form below.
Browser in Browser technique makes phishing sites more convincing
Overview
A new phishing kit has been published to GitHub which makes it easier to spoof login pages.
The Browser in Browser technique uses HTML and CSS to create a fake URL bar which can trick even careful users.
Impact
Phishing sites using this template can create SSO pop-up windows which appear to be legitimate.
Affected Products
The phishing kit has templates for Chrome on Windows and MacOS.
The technique itself could be used in other browsers.
Containment, Mitigations & Remediations
The victim would need to navigate to a malicious phishing site for the pop-up to display.
The usual anti-phishing protections which prevent users from accessing malicious sites are still effective.
Indicators of Compromise
SVG files contained in the phish kit:
AE9CD11B7615DED2CE4AA11D21B034B5F9707AA6CB27D46596947903CCB92247
3B439667B653B07D8EEC20A02B2C7CB25E4EB2A91ACDBDB61F28F9163237067D
Threat Landscape
Phishing is the most common type of cyber-attack and criminals are constantly looking for ways to improve the successfulness of their attacks. This technique does that, while its incorporation into a toolkit places this mechanism of attack easily into the capability and realms of novices.
Mitre Methodologies
T1566.002 – Phishing: Spearphishing Link