The BITB attack makes phishing almost undetectable
By MYBRANDBOOK
A little-known phishing technique called the browser-in-the-browser (BitB) attack can be used to simulate a browser window within the browser in order to spoof a legitimate domain, making it possible to stage convincing phishing attacks.
In early 2020, a campaign was discovered that leveraged the BitB trick to siphon credentials for the video game digital distribution service Steam by means of fake Counter-Strike: Global Offensive websites.
According to penetration testers and security researchers, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft).
Normally, a user who signs in through one of these options is greeted by a pop-up window that completes the authentication process; the BitB attack replicates this entire process with a mix of HTML and CSS code that draws an entirely fabricated browser window.
Potential victims still have to be lured to a phishing domain that displays such a fake authentication window for credential harvesting, but once they are there, the method makes mounting an effective social engineering campaign significantly easier.
Normally, the measures a user takes to detect a phishing site include checking whether the URL is legitimate, whether the website is using HTTPS, and whether there is any kind of homograph in the domain, among others. In this case, everything looks fine: the displayed domain is steamcommunity[.]com, which is legitimate and is using HTTPS. But if the user tries to drag the prompt out of the current window, it disappears beyond the window's edge, because it is not a real browser pop-up but an element rendered with HTML inside the current page.
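The same property that the drag test relies on, that the "address bar" is only page text rather than browser chrome, can be checked mechanically on a fetched page. The following is an added, hypothetical triage helper written for this article, not code from the article or from any real campaign; it assumes a scanning pipeline that already has the page HTML and the host it was really served from, and the sample HTML is constructed.

```javascript
// Hypothetical triage helper (not from the article): given a fetched page's
// HTML and the host it was really served from, flag an SSO login URL that is
// rendered as visible text (a fake address bar) on a site the provider does
// not own. Heuristic only; pair it with other phishing signals.
const SSO_HOSTS = ["accounts.google.com", "login.microsoftonline.com",
  "appleid.apple.com", "www.facebook.com", "steamcommunity.com"];

// Keep only human-visible text: drop scripts, styles and all tags, so a URL
// inside an href or a script is not mistaken for a fake address bar.
function visibleText(html) {
  return html
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<style[\s\S]*?<\/style>/gi, " ")
    .replace(/<[^>]+>/g, " ");
}

// Last two labels of a host; a stand-in for a public-suffix-list lookup.
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

function detectBitBIndicators(html, actualHost) {
  const urlRe = /https?:\/\/([a-z0-9.-]+)[^\s"'<>]*/gi;
  const spoofedUrls = [];
  for (const m of visibleText(html).matchAll(urlRe)) {
    const shownHost = m[1].toLowerCase();
    const provider = SSO_HOSTS.find((h) => shownHost === h || shownHost.endsWith("." + h));
    // A provider URL shown as page text is expected only on the provider's own site.
    if (provider && baseDomain(actualHost) !== baseDomain(provider)) {
      spoofedUrls.push({ shown: m[0], shownHost, actualHost });
    }
  }
  // A credential field beside a fake address bar is the BitB pattern.
  const hasPasswordField = /<input[^>]*type=["']?password/i.test(html);
  return { spoofedUrls, hasPasswordField, suspicious: spoofedUrls.length > 0 && hasPasswordField };
}

// Constructed sample (not a real campaign): a div posing as an address bar,
// a login form, and a genuine link whose href must not be flagged.
const SAMPLE_HTML = `<div class="fake-window">
  <div class="fake-addressbar">&#128274; https://accounts.google.com/o/oauth2/auth</div>
  <form><input name="email"><input name="password" type="password"></form>
</div><a href="https://accounts.google.com/help">Help</a>`;

console.log(detectBitBIndicators(SAMPLE_HTML, "login-example.invalid"));
```

Documentation pages that quote login URLs will trip this heuristic, so treat a hit as a reason to inspect, not as a verdict.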