A new phishing technique has been discovered by Malwarebytes, and that is a malicious browser extension that installs itself undetected in the background and injects pages with deceptive advertising and malware.
The browser-in-the-browser technique has been designed to make it more difficult for you to detect a fake copy of your browser by putting any internet software in the space of a tab on the browser.
- Takes assistance of third party sign-in (Facebook, Google, Microsoft, etc)
- This dangerous new phishing technique is gaining popularity as a way to distribute malware as well as spy on users in order to steal their passwords.
Imagine this: you’re trying to log into your bank to make a deposit, but the login page is showing that it’s already been used.
The hacker sends a link to the victim. When opened, it appears to be their regular browser window but is a secondary window. This secondary window has a popup window that asks for credentials to the victim’s account. The hacker then gets access and does whatever they want with the account.
- Comes in a Downloaded file
- Becomes Dummy ( Fake Login Web Page)
Browsers in the browser phishing attacks start by tricking a user into downloading malicious software that claims to be an update for their web browser.
- Once installed, the malicious software will then make it seem like a new tab has opened on top of the user’s actual web browser window
- Telling the user to enter their username and password so they can log in to the site.
- Users are then directed to a fake login screen that appears as though they are logging into the correct website when they are actually entering credentials into this malware’s login screen.
While attempting to sign in, It-
- Shows a pop-up window.
- Asks for authentication.
- See if the webpage has HTTPS (Hypertext Transfer Protocol Secure).
- No homographs were used ( Same word but different meanings).
This newly discovered phishing technique by Malwarebytes and Fortinet hijacks the browser window. In this scheme, the Trojan Horse arrives in a downloaded file disguised as a video player or other popular software program. Once it’s downloaded and opened, it quietly hijacks your browser window. From there, it can show a fake login page for Facebook, Twitter, or another website where you’ll need to enter your password.
There’s a new technique phishers are using to make the theft of credentials and personal data even easier. They’re hijacking browsers to steal your credentials and personal data. This is done by installing an add-on or extension in a browser that can then capture both private information like your passwords, as well as login details for sites like Facebook, Google, Twitter, and Amazon.
Once installed, the browser will show you a warning that looks something like this – “Do you want to update your Safari browser?” In case, if any user chooses “Yes”. Automatically the extension will be installed.
- Hijacks browser by Add on Installation
- Steals Away Password
- Tracks Location
You can protect yourself against this attack by updating your browser to the latest version. You should also disable any plugins that you don’t need. You can even remove any extensions from Chrome or Firefox if you don’t know what they are. Of course, you should be aware of phishing attempts in general and be careful about clicking suspicious links.
- Deactivate Plugins
- Remove Extensions
- Avoid Unusual Links
Fake versions of websites are showing up on the internet. They look harmless and don’t blatantly ask for information, but they can do something more sinister than that. This type of phishing attack is not new but has been getting more attention lately because of how easy it is to disguise as legitimate.