Hackers Are Using ‘App Mode’ in Chromium Browsers for Phishing
App Mode Can Be Used to Create ‘Realistic Desktop Phishing Programs’.
Last updated on October 7, 2022
Chromium-based web browsers’ Application Mode capability may be misused by threat actors to create ‘realistic desktop phishing programs, as part of a new phishing tactic.
At origin, Application Mode is intended to provide native-like experiences by launching the website in a separate browser window, showcasing the website’s favicon, and hiding the address bar.
However, according to mr.d0x, a security researcher who also discovered the Browser-in-the-Browser (BitB) Attack method earlier this year, a bad actor can use this behavior to display a false address bar on top of the window and trick users into providing their credentials on rogue login forms.
Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario. You can deliver these fake applications independently as files.
The method works on other operating systems besides Windows, including macOS and Linux, making it a possible cross-platform threat. However, the effectiveness of the attack is conditional on the attacker already having access to the target’s device.
HTML attachments are still one of the most prevalent files used in phishing scams in 2022, indicating that the method continues to be successful against spam detection software and works well on the targets themselves.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.