Passwords and other vital information are easily stolen nowadays using a range of malicious methods. Recently, however, a new phishing technique, the Browser-in-the-Browser (BitB) attack, has been discovered that is so well designed that most people would fall for it.
By spoofing a legitimate domain with this attack, it is possible to stage convincing phishing campaigns that mimic a browser window, such as an SSO login pop-up, inside the page itself.
The security researcher mrd0x asserted that this sophisticated method takes advantage of the third-party single sign-on (SSO) options (such as Sign in with Google, Facebook, Apple, or Microsoft) that are embedded on all the major websites.
Fake Login Windows
When a user signs in via one of these options, the site normally opens a pop-up window for the identity provider. In short, the BitB technique recreates that pop-up as a fake login window that is drawn inside the web page rather than opened as a real browser window.
With the BitB attack, an entirely fabricated browser window is created by combining HTML and CSS.
In the image below you can see how the window appears when someone attempts to log in; in this case, the analyst demonstrated it using a Google account on Canva.
A basic HTML/CSS page can easily replicate the design of a browser window. By placing an iframe that points to the attacker-controlled server hosting the phishing page inside that window design, the fake window becomes practically indistinguishable from a real one.
The cybersecurity analyst mrd0x stated:
“Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s basically indistinguishable. JavaScript can be easily used to make the window appear on a link or button click, on the page loading, etc.”
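One defensive angle on the technique described above is a content heuristic: a BitB page shows an SSO URL as plain text in a fake address bar, while the frame it actually embeds loads from some other origin. The scanner below is an added example (not code from the article or from mrd0x) that compares the two; the host list and the two HTML samples are constructed placeholders for illustration, and the check is a heuristic, not a complete detector.

```javascript
// Added example: heuristic Browser-in-the-Browser (BitB) indicator scanner.
// It compares URLs that appear as visible *text* (a fake address bar) with the
// origins the page really embeds via <iframe src="...">.
// KNOWN_SSO_HOSTS and the samples are assumed/constructed values.

const KNOWN_SSO_HOSTS = new Set([
  "accounts.google.com",
  "login.microsoftonline.com",
  "www.facebook.com",
  "appleid.apple.com",
]);

// Origins of every absolute iframe src attribute in the raw HTML.
function iframeOrigins(html) {
  const origins = new Set();
  const re = /<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try { origins.add(new URL(m[1]).origin); } catch { /* relative or invalid */ }
  }
  return origins;
}

// URL-looking strings that are visible text, i.e. outside any tag.
function displayedUrls(html) {
  const text = html.replace(/<[^>]*>/g, " ");
  return [...text.matchAll(/https?:\/\/[^\s"'<>]+/g)].map((x) => x[0]);
}

// Flag a page that *shows* a known SSO URL while no frame loads from that origin.
// Returns one finding per suspicious displayed URL.
function findBitbIndicators(html) {
  const real = iframeOrigins(html);
  const findings = [];
  for (const shown of displayedUrls(html)) {
    let host;
    try { host = new URL(shown).host; } catch { continue; }
    if (!KNOWN_SSO_HOSTS.has(host)) continue;
    if (!real.has(`https://${host}`)) {
      findings.push({ shownHost: host, frameOrigins: [...real] });
    }
  }
  return findings;
}

// Constructed sample: fake address-bar text beside a frame from another origin.
const SAMPLE_BITB = `<div class="titlebar">https://accounts.google.com/o/oauth2/auth</div>
<iframe src="https://phish.example/sso.html"></iframe>`;
// Constructed benign sample: the embedded frame really comes from the shown origin.
const SAMPLE_BENIGN = `<p>https://accounts.google.com</p><iframe src="https://accounts.google.com/embed"></iframe>`;

console.log(findBitbIndicators(SAMPLE_BITB), findBitbIndicators(SAMPLE_BENIGN));
```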
Avoiding Fake Pop-up Windows
Cybersecurity researchers have recommended a few mitigations:
- Always use a reputable password manager; it only fills credentials on the domain they were saved for, so it will not offer them to a fake window hosted elsewhere.
- Always use robust antivirus.
- Make sure to enable multifactor authentication.
- Always monitor the system and network logs.
- Try to resize or scroll the pop-up window to verify that it is genuine: a real SSO pop-up is a separate browser window, whereas a window drawn with HTML/CSS cannot leave the page that contains it.
- Follow general security best practices.
Social engineering campaigns can easily be mounted using this method. A phishing domain hosting the fake authentication window is still necessary for credential harvesting, since potential victims must first be lured to it.