[MART] - Daily Diary #593 - The Browser-in-the-Browser Technique

ctas-mat at appgate.com ctas-mat at appgate.com
Tue Sep 13 21:15:43 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

09/13/2022 - Diary entry #593:

In our Daily Diary #420, we began to cover malware techniques and their variations. Today, we will cover a phishing technique called "Browser-in-the-Browser" which has the objective of stealing user account access from any login services, such as Steam, Microsoft, and Google – including MFA.

Unlike traditional phishing resources, the Browser-in-the-Browser technique is a trending attack method that involves the creation of fake browser windows within the active window (using an iframe), pretending to be a pop-up login page for a specific service. The advantage is that it’s difficult for an average user to identify that it’s not a browser window and the threat actors can also display any URL they want on the fake pop-up screen.

This is not a new technique since fake gaming sites were already used in 2020 to steal Steam credentials. However, after Browser-in-the-Browser attack templates were published on GitHub, now any threat actor can easily modify and use them. There are templates available that mimic Google Chrome, Windows, and Mac (including light and dark mode variants) to create compelling windows displaying single sign-on forms for any online platform.

To protect against this attack, we recommend educating users by using this technique during phishing awareness training and not blindly trusting sign-on forms within pop-up screens that appear after accessing an unknown website.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>


Malware Analysis and Research Team


E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220913/dd7ad8d6/attachment.htm>

More information about the MART mailing list