![]() This phishing method was first described by mr.d0x and later reported on by Bleeping Computer. This makes it easier to distribute Windows shortcut files that launch Microsoft Edge, and from there, it’s smooth sailing for the hacker if the victim falls for the fake form. Windows 10 and 11 both come with Microsoft Edge pre-installed. This means that the hacker would first have to gain some sort of control over the computer before following up with this phishing method, be it through malware or through guiding the user to enable it and run a Windows shortcut with the phishing URL. ![]() On the other hand, actually pulling it off requires the victim to have Chromium app mode enabled and launched locally on their device. This hack could potentially be very dangerous simply because of how easy it might be to get fooled by it. Removing the URL largely deals with the easiest way to spot a scam from the real thing. Many users are less wary of desktop apps than websites, because once installed, they are assumed to be safe on the other hand, there’s always some degree of hesitation when visiting a strange website. With all of these things out of the equation, it’s fairly easy to create a clone of a familiar login form and try to trick users into typing their login credentials. The website is launched in a separate window, and on your taskbar, you’ll see the website’s favicon (the icon you normally see next to the website’s name in your browser tab) instead of the Chrome logo. ![]() For starters, the toolbars and the address bar both disappear. A few things happen when you launch Application Mode. In Google Chrome, Application Mode lets web devs create apps that resemble native applications. In reality, all inputs are sent to a malicious attacker. Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. This is a feature that’s available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave. Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |