- Apr 24, 2016
A new phishing technique using Chrome's Application Mode feature allows threat actors to display local login forms that appear as desktop applications, making it easier to steal credentials.
The Application Mode feature is available in all Chromium-based browsers, including Google Chrome, Microsoft Edge and the Brave Browser. It can generate realistic-looking login screens that are hard to differentiate from a legitimate login prompt.
Because desktop applications are generally harder to spoof, users are less likely to treat them with the same caution they reserve for browser windows that are more widely abused for phishing.
The potential for using Chrome's app mode in phishing attacks was demonstrated by researcher mr.d0x, who also devised "Browser-in-the-Browser" attacks earlier in the year. Multiple threat actors later used the BiTB technique in phishing attacks to steal credentials.
The app mode in Chromium-based browsers like Google Chrome and Microsoft Edge can be abused to create realistic-looking login screens that appear as desktop apps.