Home New BitB attack makes phishing undetectable

New BitB attack makes phishing undetectable

March 21- A newly emerging phishing technique can replicate a browser window within the browser and thereby spoof a legitimate domain. In so doing, hackers can conduct increasingly successful phishing attacks.

According to the security researcher who first identified this attack type, the method involves nefarious use of single sign-on (SSO) options that are embedded in websites.

When a person uses SSO to sign in, the individual ordinarily sees a pop-up window that helps with the completion of the authentication process.

In a BitB attack, cyber criminals replicate this entire process using a mix of HTML and CSS code in order to create a phony browser window.

BitB attack information

“Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s basically indistinguishable,” stated the researcher in a technical write-up.

“JavaScript can be easily used to make the window appear on a link or button click, on the page loading…etc,” Of course, BitB operators can also make the window appear aesthetically pleasing using animations available in libraries like JQuery.

Experts have observed this technique abused in the wild at least once before. In February of 202, a company shared details pertaining to a BitB campaign designed to pinch credentials from a game distribution service through fake websites.

Will employees fall for this attack?

Although this attack method makes it easier to launch effective social engineering campaigns, in order to get swept up in a campaign, a victim needs to be directed to a phishing domain that can display a fake authentication window.

“But once landed on the attacker-owned website, the user will be at-ease as they type their credentials away on what appears to be the legitimate website (because the trustworthy URL says so),” explains the security researcher who identified the hack.

Browser in the Browser attack example
In this Browser-in-the-Browser attack mock-up example, the two web portals look identical.

Determining a suspicious URL’s validity

Unfortunately, hovering over a URL to determine its legitimacy is not particularly effective in this type of attack. JavaScript technicalities enable BitB URLs to look alarmingly similar, if not identical, to their real-world counterparts.

Along the same lines, users cannot discern attacks based on whether or not a site appears to be using HTTPS or whether or not there are any kinds of homographs in the domain.

This means that if hackers find unsuspecting victims, the majority of those who engage with their materials remain liable to fall for a BitB campaign.

How to avoid fake pop-up windows

The following represent security mitigation recommendations from cyber security researchers:

  • Use a reputable password manager
  • Use robust antivirus
  • Ensure that multi-factor authentication is turned on
  • Continually monitor systems and network logs
  • Resize or scroll the pop-up window to verify the authenticity of the window
  • Apply security best practices

For more information pertaining to this story, visit Bleeping Computer.

Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.