New Phishing Scam; BiTB Hack
Dark Web Links to New Browser Hack
Facebook, Google, Microsoft, and other popular websites are currently the target of a new phishing scam dubbed ‘Browser-in-the-Browser’. According to a latest hacking news blog, dark web hackers have created an exploitation that could affect millions of Internet users.
Phishing scams are socially engineered hacking attack that steals information from a person, who is surfing on the Web.
The new hack was discovered by a cyber security analyst, who warned of the new phishing scam that utilizes websites’ browsers to launch the new exploitation technique. Cyber researchers have warned dark web hackers that trigger phishing attacks employ the strategy to steal important data that involves the harvesting of bank account login credentials, and oftentimes credit card numbers, as well as other private information.
Stolen Login Credentials
Dubbed “browser-in-the-browser” the scam was created to manufacture fake browser windows of popular sites like Facebook, Google, Microsoft and Twitter. When users see the legit looking fake browser window, they would think that they are on the official login page of the website that they are visiting. However, the fake browser page will only act as a duplicate webpage that steals the login credentials of the visited websites.
The new 2022 phishing hack in the posted article is dubbed Browser-in-The-Browser (BiTB) Attack Sharing. According to the detailed post, the cyber security researcher known as mr.d0x demonstrated how web surfers are tricked with the newly-devised browser-in-the-middle hack attack.
With Google, Facebook, Microsoft, and other websites that boast a popup window feature, the login page where login credentials are the main targets. When an individual entered the site; it closes and reverts to another displayed login page to input their private credentials as the login process continues. The analyst stated that to avoid being duped by the new phishing scam, Internet surfers must always check the URL of the website they are being reverted to, thus ensuring that they are on the authentic websites.
Hackers Create Fake Web Theme
Further, the cyber hack researcher demonstrated how dark web hackers can exploit users by creating a realistic duplicate of a popular website using basic HTML/CSS. The post shows how the hackers were able to create the fake theme design and combine it with an iframe, which redirects to a phishing page that is hosted on the deep web hackers’ malicious server,
Not to mention, the hosted phishing page has features that are realistic duplicates and are indistinguishable. With JavaScript; it is easy for a dark web hacker to create a link or a button that is clickable on a fake website theme window, especially on the page load format. Additionally, hackers also have the potential to create a very appealing visual animation with the help of scripts found in the JQuery libraries.
The cyber security analyst also warned that Internet users are unable to check the legitimacy of website URLs with JavaScript enabled. And after the user landed on the fake browser site, the victim can be lured to provide critical login credentials. And with that, the hackers’ powerful phishing technique now becomes a lucrative harvesting machine for data that can be used to further exploit victims.
