Web browser app mode can be abused to make desktop phishing pages

Gandalf_The_Grey (thread author)
A new phishing technique using Chrome's Application Mode feature allows threat actors to display local login forms that appear as desktop applications, making it easier to steal credentials.

The Application Mode feature is available in all Chromium-based browsers, including Google Chrome, Microsoft Edge and the Brave Browser. It can generate realistic-looking login screens that are hard to differentiate from a legitimate login prompt.

Because desktop applications are generally harder to spoof, users are less likely to treat them with the same caution they reserve for browser windows that are more widely abused for phishing.

The potential for using Chrome's app mode in phishing attacks was demonstrated by researcher mr.d0x, who also devised "Browser-in-the-Browser" attacks earlier in the year. Multiple threat actors later used the BiTB technique in phishing attacks to steal credentials.
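From a detection standpoint, the post above describes app-mode windows that front a local login form. The following is an added example, not code from the post or from the researcher it names: a small triage rule over constructed process-creation events (shaped like simplified Sysmon Event ID 1 records) that flags Chromium-based browsers started with the `--app=` command-line switch when the target is a local file, a non-allowlisted origin, or the launch comes from a script host. The `--app=` switch is a real Chromium switch that the post does not name; the browser names, the script-host list, the allowlist of hosts and every sample event are assumptions constructed for this example.

```python
import ntpath
import re
from urllib.parse import urlparse

# Chromium-based browser executables named in the post (Chrome, Edge, Brave), Windows names.
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}

# Parent processes from which an interactive browser window is unusual (assumed list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}

# Origins where an app-mode window is expected in this constructed environment.
ALLOWED_APP_HOSTS = {"mail.example.com", "teams.example.com"}

# Matches --app=<target>, with or without double quotes around the target.
# Note: --app-id=... (installed PWAs) does not match because '=' must follow 'app'.
APP_FLAG = re.compile(r'--app=(?:"([^"]*)"|(\S+))')

# Constructed sample events; none of these is real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://mail.example.com/',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=file:///C:/Users/Public/login.html',
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe",
     "CommandLine": r'"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --app="C:\Users\alice\AppData\Local\Temp\signin.htm"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://accounts.example-login.net/',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://mail.example.com/',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe --app=file:///C:/x.html",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def extract_app_target(command_line):
    """Return the --app= target from a command line, or None if the switch is absent."""
    m = APP_FLAG.search(command_line)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_local_target(target):
    """True for file: URLs and for drive-letter or UNC paths (a page served from disk)."""
    t = target.strip().lower()
    if t.startswith("file:"):
        return True
    return bool(re.match(r"^(?:[a-z]:[\\/]|\\\\)", t))


def analyze_event(event):
    """Return a finding dict for a suspicious app-mode launch, or None if the event is benign."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in CHROMIUM_BROWSERS:
        return None
    target = extract_app_target(event.get("CommandLine", ""))
    if target is None:
        return None  # ordinary browser launch, not app mode
    reasons, severity = [], "info"
    if is_local_target(target):
        reasons.append("app-mode window backed by a local file")
        severity = "high"
    else:
        host = (urlparse(target).hostname or "").lower()
        if host not in ALLOWED_APP_HOSTS:
            reasons.append(f"app-mode window for non-allowlisted origin {host!r}")
            severity = "medium"
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent in SCRIPT_HOSTS:
        reasons.append(f"launched by script host {parent}")
        severity = "high" if severity == "high" else "medium"
    if not reasons:
        return None
    return {"image": image, "target": target, "parent": parent,
            "severity": severity, "reasons": reasons}


def analyze_events(events):
    """Run the rule over a batch of events and keep only the findings."""
    return [f for f in (analyze_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["image"], finding["target"], "; ".join(finding["reasons"]))
```

The rule deliberately ignores `--app-id=`, which is how PWAs installed through the browser are launched, so those do not produce noise; the host allowlist is what keeps legitimate `--app=` shortcuts quiet, and a local-file target combined with a script-host parent is the combination that most closely matches the behaviour the post describes.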