A new phishing technique demonstrates that the Application Mode feature in Chromium-based web browsers can be abused to create “realistic deceptive desktop applications”.
Application Mode is designed to provide a native-like experience: the website is launched in a separate browser window that shows the site’s favicon and hides the address bar.
According to security researcher mr.d0x, who also devised the browser-in-the-browser (BitB) attack method earlier this year, a bad actor can take advantage of this behavior by using HTML/CSS tricks to display a fake address bar at the top of the window and fool users into giving up their credentials on fake login forms.
“Although this technique is more geared towards internal phishing, you can technically still use it in an external phishing scenario,” said mr.d0x. “You can distribute these rogue apps independently as files.”
This is achieved by setting up a phishing page with a fake address bar at the top and configuring the --app parameter to point to the phishing site hosting the page.
On top of that, a phishing site controlled by an attacker can use JavaScript to perform more actions, such as closing a window as soon as a user enters credentials or resizing and positioning it to achieve the desired effect.
It should be noted that this mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the success of the attack is predicated on the fact that the attacker already has access to the target’s machine.
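A defender-side check for the launch pattern described above, as an added example that is not from the original article or from the researcher: it scans process-creation command lines for a Chromium-based browser started with --app and flags any target outside an allowlist. The browser executable names, the allowlisted host and the sample command lines are constructed assumptions.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: executable names of Chromium-based browsers worth watching.
BROWSERS = {"chrome", "chrome.exe", "msedge", "msedge.exe", "brave", "brave.exe",
            "chromium", "chromium-browser", "google chrome", "microsoft edge"}
# Assumption: hosts the organization itself launches in Application Mode.
ALLOWED_APP_HOSTS = {"teams.example.com"}

def tokenize(cmdline):
    """Split a logged command line, keeping backslashes (Windows paths) and '#'."""
    lexer = shlex.shlex(cmdline, posix=True)
    lexer.whitespace_split = True
    lexer.escape = ""       # backslash is a path separator here, not an escape
    lexer.commenters = ""   # '#' may appear in a URL fragment
    try:
        return list(lexer)
    except ValueError:      # unbalanced quote in the log field
        return cmdline.split()

def app_mode_target(cmdline):
    """Return the value of --app= in a Chromium-based browser launch, else None."""
    seen_browser = False
    for token in tokenize(cmdline):
        name = token.strip("\"'").replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in BROWSERS:
            seen_browser = True
        elif seen_browser and token.lower().startswith("--app="):
            return token[len("--app="):].strip("\"'")  # --app-id=... does not match
    return None

def classify(cmdline):
    """Return (verdict, target); verdict is 'ignore', 'allowed' or 'alert'."""
    target = app_mode_target(cmdline)
    if target is None:
        return ("ignore", None)
    try:
        parts = urlsplit(target)
        ok = parts.scheme == "https" and (parts.hostname or "").lower() in ALLOWED_APP_HOSTS
    except ValueError:      # malformed URL: keep it suspicious
        ok = False
    return ("allowed" if ok else "alert", target)

SAMPLE_EVENTS = [  # constructed command lines, not real telemetry
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://teams.example.com/',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://login.example.net/#signin',
    '"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --app=file:///tmp/page.html',
]
for event in SAMPLE_EVENTS:
    print(classify(event))
```

The same function can be run over shortcut or launcher file contents, since those carry the same command line.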
That said, Google is removing support for Chrome apps in favor of Progressive Web Apps (PWA) and web standards technologies, and the feature is expected to be discontinued entirely in Chrome 109 or later on Windows, macOS, and Linux.
In a statement shared with The Hacker News, the internet giant said that “the --app feature was deprecated before this study was published, and we are taking into account its potential for abuse when we consider its future.”
“Users should be aware that running any file provided by an attacker is dangerous. Google Safe Browsing helps protect against unsafe files and websites. While Safe Browsing is enabled by default in Chrome, users may want to enable Advanced Protection to check the safety of your downloads to better warn you when a file could be dangerous.”
This finding comes as new Trustwave SpiderLabs findings show that HTML smuggling attacks are a common phenomenon, with .HTML (11.39%) and .HTM (2.7%) files being the second most spammed attachment type after .JPG (25.29%).