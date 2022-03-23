A phishing kit has been discovered that allows cybercriminals (even those with little technical knowledge) to create fake Chrome browser windows that can be used to steal credentials through phishing.

When logging in to many websites, it is common to have the option to sign in with Google, Microsoft, Apple, Twitter or even Steam. For example, the Dropbox login form allows you to sign in with an Apple or Google account.

Clicking one of these buttons, whether on the website or in an application, opens a single sign-on (SSO) pop-up window, which asks you to enter your credentials and then signs you in with that account.

The newly discovered "Browser in the Browser" (BitB) attack uses pre-made templates to create fake but realistic Chrome pop-ups, complete with custom URLs and window titles, that can be used in phishing attacks.

In short, the attack draws a fake browser window inside a real browser window (hence "Browser in the Browser") to produce a very convincing phishing page.

Threat actors have tried in the past to create these fake SSO windows using HTML, CSS and JavaScript. However, there is usually something fishy about the windows, which makes them look suspicious.

The usual advice for checking whether one of these pop-ups is trustworthy is to look at the URL it displays and verify that a legitimate google.com domain (or that of the relevant identity provider) is serving the login form; a familiar URL is what makes users trust the form. A BitB pop-up defeats exactly that check: the entire window, address bar included, is drawn with HTML and CSS inside the parent page, so the displayed URL is whatever the template author typed. One practical tell is that the fake window cannot be dragged past the edges of the real browser window, because it is only page content.

Templates are on GitHub

The Browser in the Browser attack templates were created by security researcher mr.d0x, who published them on GitHub. They cover Google Chrome on Windows and macOS, each in dark and light mode variants.

mr.d0x stated that the templates are very easy to use to create Chrome pop-ups that display single sign-on forms for any online platform and that look very realistic.

The researcher said cybercriminals (or would-be cybercriminals) could simply download the templates, edit them to contain the desired URL and window title, and then use an iframe to display the login form.
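As an added example (not code from this article or from mr.d0x's templates), the following Python script turns the two traits described above, a trusted login URL that is only drawn as page text and an iframe that carries the credential form, into a heuristic that flags a landing page as a likely BitB kit; it also illustrates why the URL check discussed earlier is not enough on its own, since the "address bar" is just text. The indicator host list, the sample HTML pages and the domain names are constructed for illustration.

```python
"""Heuristic scanner for Browser-in-the-Browser (BitB) style pages.

Added example, not code from the original article or from mr.d0x's
templates. It looks for two traits the article describes: a fake address
bar rendered as visible page text showing a trusted login URL, and an
<iframe> carrying the form, on a page whose real origin is something else.
The trusted-host list and the sample HTML below are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of SSO/IdP hosts whose URL a BitB pop-up would imitate.
TRUSTED_SSO_HOSTS = {
    "accounts.google.com",
    "login.microsoftonline.com",
    "appleid.apple.com",
    "steamcommunity.com",
}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s]*")


class BitBParser(HTMLParser):
    """Collect iframe targets and any URL-looking visible text (not hrefs)."""

    def __init__(self):
        super().__init__()
        self.iframes = []    # src of every <iframe> on the page
        self.text_urls = []  # hostnames found in visible text nodes
        self._skip = 0       # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "iframe":
            self.iframes.append(attrs.get("src", ""))
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if self._skip:
            return
        for m in URL_RE.finditer(data):
            self.text_urls.append(m.group(1).lower())


def scan_page(html, page_url):
    """Return a list of findings; an empty list means no BitB indicators."""
    page_host = (urlparse(page_url).hostname or "").lower()
    p = BitBParser()
    p.feed(html)
    findings = []
    # A trusted IdP hostname shown as plain text on a page that is not that
    # host is the fake address bar the templates draw.
    spoofed = sorted({h for h in p.text_urls
                      if h in TRUSTED_SSO_HOSTS and h != page_host})
    if spoofed:
        findings.append(f"trusted SSO URL rendered as page text: {spoofed}")
    if spoofed and p.iframes:
        # A real SSO pop-up is a separate window; BitB draws the chrome in
        # the parent page and loads the credential form in an iframe.
        findings.append(f"iframe present alongside fake address bar: {p.iframes}")
    return findings


# Constructed sample: a page served from a look-alike domain that draws a
# Chrome-style pop-up (title bar and fake address bar) around an iframe.
PHISH_HTML = """
<html><body>
<div class="bitb-window">
  <div class="titlebar">Sign in - Google Accounts</div>
  <div class="addressbar">https://accounts.google.com/signin/oauth</div>
  <iframe src="/login-form.html"></iframe>
</div>
</body></html>
"""

# Constructed benign page: offers the same login but draws no fake chrome;
# the URL appears only in an href attribute, never as visible text.
BENIGN_HTML = """
<html><body>
<p>Sign in with Google</p>
<a href="https://accounts.google.com/signin">Continue</a>
</body></html>
"""

if __name__ == "__main__":
    for name, html in (("phish", PHISH_HTML), ("benign", BENIGN_HTML)):
        print(name, scan_page(html, "https://dropbox-login.example/"))
```

The heuristic is deliberately narrow: it only fires when a trusted identity-provider URL appears as visible text on a page that is not that provider, and it reports the accompanying iframe separately, so a legitimate page that merely links to a login URL produces no finding.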

