Security News Phishing Attack almost impossible to detect in Chrome, Firefox and Opera

Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Parsh said:
While Mozilla is currently still discussing a fix, Google has already patched the vulnerability in its experimental Chrome Canary 59 and will come up with a permanent fix with the release of Chrome Stable 58, set to be launched later this month
Click to expand...
Currently I'm using Edge, but it is bad news for Chrome users waiting for the new version's patch...
 
  • Like
Reactions: Brie, _CyberGhosT_, spaceoctopus and 3 others
LASER_oneXM

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
i found a similar artcle about this issue on www.bleepingcomputer.com Here is the link:
Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack

here are two quotes from the article above:
Not all browsers are vulnerable

Of all the browsers Bleeping Computer tested, three rendered the page using Unicode characters, as аррӏе.com. These are Chrome, Firefox, and Opera (including the new Opera Neon variant).
Click to expand...

Other browsers, such as Edge, Internet Explorer, Safari, Vivaldi, and Brave, did not render the page using Unicode characters and displayed the Punycode URL. The reasons are unknown, but we suspect there's a filter that checks if the Punycode URL is in the same character set as the user's default OS settings.
Click to expand...



...and here is the solution that you can find at the buttom of the article:
Mozilla is currently still discussing a fix, but in the meantime, users have an option that will disable Punycode support and mitigate this attack.

Step 1: Type about:config in the Firefox address bar and hit enter.
Step 2: Type network.IDN_show_punycode and set this option to “true” (by double-clicking on it).
Click to expand...
 
  • Like
Reactions: Brie, spaceoctopus, shukla44 and 1 other person
Parsh

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Winter Soldier said:
Currently I'm using Edge, but it is bad news for Chrome users waiting for the new version's patch...
Click to expand...
You know what's more surprising?
This thread (FF bug report) talks about Punycode Homograph attack in title.
I'm not sure if it covers the same thing but the comments are 12 freaking years old!

ExploitBlocker10 said:
So I use Edge, is it affected by this vulnerability?
Click to expand...
Edge is safe as you can see on the BleepingComputer article.
It has screenshots showing how each browser responds to and displays that spoofed page.
 
  • Like
Reactions: Brie, spaceoctopus, ExploitBlocker10 and 3 others
F

ForgottenSeer 19494

ExploitBlocker10 said:
So I use Edge, is it affected by this vulnerability?
Click to expand...
Actually it was, but it seems to be fixed. I loaded the same site about 3 days ago and it showed as paypal.com (though it's not the real paypal). Also it had an SSL certificate (although not EV), which you can get nowadays for free. When it showed as paypal.com it was not with full white color, that it, it was the color the word "threads" is in the MalwareTips URL, not the full white color "malwaretips.com" is.
Parsh said:
You know what's more surprising?
This thread (FF bug report) talks about Punycode Homograph attack in title.
I'm not sure if it covers the same thing but the comments are 12 freaking years old!
Click to expand...
Not the first time I see such an old commented issue exists for Firefox. Sometimes they are fast, but if they decide to be slow they are kings of it.
 
  • Like
Reactions: Brie, spaceoctopus, shukla44 and 4 others
spaceoctopus

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
As we are talking about phishing attacks, on Emsisoft blog, there is a nice and detailed article that was written about types of phishing attempts and attacks :)
Here it is:
Common phishing scams and how to prevent them
blog_main_phishing.png


I think by now we’ve all been contacted by a Nigerian prince looking for someone to help him move his wealth out of the country in return for a share of his fortune. We all know it’s a scam, but did you know a whopping 30% of you still click on phishing scam links?

Phishing scams in particular are getting so sophisticated these days that most of us will need a magnifying glass just to spot the inconsistencies that give away their fraudulent nature.

In today’s post, we will tell you exactly how to recognize a phishing scam and share some classic examples we’ve encountered.

Link to full article : Common phishing scams and how to prevent them
 
  • Like
Reactions: upnorth, Brie, Winter Soldier and 4 others
You must log in or register to reply here.

Similar threads

Ink
    • Like
    • Wow
Google-hosted Malvertising; Clever punycode tricks experts to visit fake Keepass site
Replies
0
Views
755
News Archive
Ink
Ink
vtqhtr413
    • Like
    • Applause
    • Thanks
Technology After Firefox and Brave, Opera reports an uptick in browser installs
Replies
0
Views
278
Technology News
vtqhtr413
vtqhtr413
anirbandutta01
    • Like
Opera browser's privacy & safety
Replies
3
Views
263
Opera
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top