
It’s now easier than ever for hackers to abuse Google Chrome

Single sign-on (SSO), an identity verification method that helps people log into various online accounts without needing a password, can be spoofed, allowing threat actors to steal login credentials or multi-factor authentication (MFA) keys.

A cybersecurity researcher by the name of mr.d0x has posted a template on GitHub that uses the Browser in the Browser (BitB) attack method to create a fake browser window inside a real one. The template is available for Chrome on Windows and Mac, in both light and dark themes.

Similar methods existed in the past; the main difference is that there is now a widely available template that hackers can simply download, modify to their liking, and display using an iframe.


An SSO prompt usually comes in the form of a pop-up window, where users can sign into accounts simply by choosing one of the pre-existing accounts they have, whether it’s with Google, Facebook, Twitter, or similar.

Speaking to BleepingComputer, mr.d0x said the templates were “simple to use” and quite compelling. Attackers can also add the login form’s HTML code directly into the template, he added, further detailing how, in this case, attackers should properly align the form with CSS and HTML.
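A defensive heuristic for the two variants described above (fake window plus iframe, or login form placed directly in the page), added here as an example and not taken from the article or from mr.d0x's repository: a real address bar is never part of a page's DOM, so a page that renders an SSO provider's URL as text while framing another host or collecting a password itself deserves a closer look. The host list, the `BitBScanner` and `scan` names, and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: sign-in hosts of the providers the article names; extend for your own IdPs.
SSO_HOSTS = {"accounts.google.com", "www.facebook.com", "twitter.com"}
URL_TEXT = re.compile(r"https://([a-z0-9.-]+)", re.I)
# Constructed sample pages (not taken from the published template).
FAKE_PAGE = '<div class="bar">https://accounts.google.com/signin</div><iframe src="https://login.example.net/"></iframe>'
PLAIN_PAGE = "<p>Manage your account at https://accounts.google.com when needed.</p>"

class BitBScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.shown_hosts = set()   # SSO hosts rendered as visible page text
        self.iframe_hosts = set()  # hosts the page actually loads in iframes
        self.has_password = False  # page collects a password itself
        self._skip = 0             # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "iframe":
            self.iframe_hosts.add(urlparse(a.get("src") or "").hostname or "(same-origin)")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            hosts = {h.lower().rstrip(".") for h in URL_TEXT.findall(data)}
            self.shown_hosts |= hosts & SSO_HOSTS

def scan(html, page_host):
    """Return findings for a page served from page_host."""
    s = BitBScanner()
    s.feed(html)
    s.close()
    findings = []
    for shown in sorted(s.shown_hosts - {page_host}):
        framed = sorted(h for h in s.iframe_hosts if h != shown)
        if framed:
            findings.append(f"shows {shown} as text but frames {', '.join(framed)}")
        if s.has_password:
            findings.append(f"shows {shown} as text beside a password field on {page_host}")
    return findings
```

A hit is a lead for review rather than a verdict, since a page can legitimately print a provider URL next to an embedded widget.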

Some people have already tested it, claiming that they have successfully modified it to steal MFA keys.

Phishing is one of the most common types of cyber attacks today. It is essentially a scam, as the victims must be the ones who compromise themselves, either by downloading a malicious attachment or by visiting a malicious website where they submit their credentials.

Threat actors often use email to try to “trick” people into making the mistake, often warning victims of a “problem” that needs to be fixed urgently.

Via: BleepingComputer