- Apr 24, 2016
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant.
However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target's one-time MFA passcodes or security keys.
This has led to threat actors and researchers coming up with new ways of bypassing MFA, including zero-day website vulnerabilities, reverse proxies, and clever techniques, such as the Browser in the Browser attack and utilizing VNC to display remote browsers locally.
This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA.