Browser-in-the-browser attack: a new phishing technique

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.kaspersky.com/blog/browser-in-the-browser-attack/44163/
  • Like
  • Wow
  • +Reputation
Reactions: Andy Ful, Moonhorse, SeriousHoax and 9 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,881
MuzzMelbourne said:
www.kaspersky.com

What is a browser-in-the-browser (BitB) attack?

What a “browser-in-the-browser” attack is, and how to prevent a phishing site that uses it from stealing your password.
www.kaspersky.com www.kaspersky.com
Click to expand...
This actually seems pretty concerning. Most phishing is pretty obvious. This is much less so. Even fairly cautious people could be deceived. But since the fake Browser in the Browser is still at the phishing site password managers shouldn't feed the password automatically which is good.
 
  • Like
  • Applause
Reactions: MuzzMelbourne, Kongo, Moonhorse and 4 others
SeriousHoax

SeriousHoax

Level 51
Verified
Top Poster
Well-known
Mar 16, 2019
4,038
blackice said:
This actually seems pretty concerning. Most phishing is pretty obvious. This is much less so. Even fairly cautious people could be deceived. But since the fake Browser in the Browser is still at the phishing site password managers shouldn't feed the password automatically which is good.
Click to expand...
I wonder if features like HTTPS scanning provided by some products will make it easier to identify these.
 
  • Like
Reactions: Azure, MuzzMelbourne, ErzCrz and 1 other person
MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
This is why I don’t use password managers or auto-fill functions. Login details are only stored in my necktop computer…
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,881
MuzzMelbourne said:
This is why I don’t use password managers or auto-fill functions. Login details are only stored in my necktop computer…
Click to expand...
I think the autofill function wouldn't work in this case, since the page is actually just the phishing url spoofing a page.
 
  • Like
Reactions: Azure
MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
blackice said:
I think the autofill function wouldn't work in this case, since the page is actually just the phishing url spoofing a page.
Click to expand...
Probably, but those sneaky little scammer types will work it out one day…
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News New Syncjacking attack hijacks devices using Chrome extensions
Replies
0
Views
614
Security News
Gandalf_The_Grey
Gandalf_The_Grey
enaph
    • Like
    • HaHa
    • Wow
Security News Novel C2 Technique Exploits QR Codes to Bypass Browser Isolation
Replies
1
Views
499
Security News
TairikuOkami
TairikuOkami
harlan4096
    • Like
    • +Reputation
  • Sticky
New Update How to install or update Kaspersky apps for Android in 2025
Replies
3
Views
613
Kaspersky
Virtuoso
Virtuoso

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top