article featured image


Chromium-based web browsers’ Application Mode capability may be misused by threat actors to create ‘realistic desktop phishing programs, as part of a new phishing tactic.

At origin, Application Mode is intended to provide native-like experiences by launching the website in a separate browser window, showcasing the website’s favicon, and hiding the address bar.

However, according to mr.d0x, a security researcher who also discovered the Browser-in-the-Browser (BitB) Attack method earlier this year, a bad actor can use this behavior to display a false address bar on top of the window and trick users into providing their credentials on rogue login forms.

Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario. You can deliver these fake applications independently as files.



As The Hacker News explained, this is accomplished by creating a phishing page with a false address bar at the top and configuring the —app parameter to point to the phishing site hosting the page.

app mode technique


Moreover, the attacker-controlled phishing site can use JavaScript to perform additional activities, such as instantly closing the window when the user inputs the credentials or resizing and positioning it to accomplish the desired impact.

The method works on other operating systems besides Windows, including macOS and Linux, making it a possible cross-platform threat. However, the effectiveness of the attack is conditional on the attacker already having access to the target’s device.

Meanwhile, Google is gradually discontinuing support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies, and the feature is likely to be completely phased out in Chrome 109 or later for Windows, macOS, and Linux.

HTML attachments are still one of the most prevalent files used in phishing scams in 2022, indicating that the method continues to be successful against spam detection software and works well on the targets themselves.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.