Saturday, April 27, 2024

New Attack Method Devised to Abuse Microsoft WebView2 and Bypass MFA

 

Attackers can use a new phishing tactic that abuses Microsoft Edge WebView2 applications to steal victims' authentication cookies and bypass MFA when logging in to accounts.

A new phishing method

WebView2-Cookie-Stealer is a new phishing technique created by the researcher mr.d0x.

The researcher built a proof-of-concept WebView2 executable that launches a legitimate Microsoft login form.

The technique lets an attacker steal authentication cookies and log keystrokes by injecting JavaScript into a web page that the application loads.

The researcher also showed that the WebView2 application could be used to steal cookies from an existing Chrome user profile simply by copying the user's current Chromium profile.

How is the attack carried out?

According to the researcher, the attack relies on social engineering and requires the victim to open a malicious program.

When launched, the program displays a legitimate website's login form.

Nothing about the login form looks suspicious: there are no typos or odd domain names.

Because the WebView2 app can inject JavaScript into the page, whatever the user types is transmitted back to the attacker's web server.

As a result, once the user logs in, the program has access to any cookies delivered by the remote server.
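Because the malicious program has to host the real WebView2 runtime, its launch shows up in process-creation telemetry as `msedgewebview2.exe` started on behalf of an unfamiliar host executable. The triage sketch below is an added example, not code from the researcher or the original article; the event field names, the allowlist, the folder list and the sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: applications your organisation has approved to embed WebView2.
APPROVED_HOSTS = {"corp_helpdesk.exe"}
# Assumption: approved hosts are never started from these user-writable folders.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
ARG_RE = re.compile(r'--(webview-exe-name|user-data-dir)=(?:"([^"]*)"|(\S+))')
WEBVIEW = (r"C:\Program Files (x86)\Microsoft\EdgeWebView"
           r"\Application\0.0.0.0\msedgewebview2.exe")  # constructed version

# Constructed process-creation events (Sysmon-like field names are assumptions).
EVENTS = [
    {"image": WEBVIEW,
     "parent_image": r"C:\Users\alice\Downloads\invoice_viewer.exe",
     "command_line": f'"{WEBVIEW}" --embedded-browser-webview=1 '
                     r'--webview-exe-name=invoice_viewer.exe '
                     r'--user-data-dir="C:\Users\alice\Downloads\data\EBWebView"'},
    {"image": WEBVIEW,
     "parent_image": r"C:\Program Files\Corp\corp_helpdesk.exe",
     "command_line": f'"{WEBVIEW}" --embedded-browser-webview=1 '
                     r'--webview-exe-name=corp_helpdesk.exe '
                     r'--user-data-dir="C:\ProgramData\Corp\EBWebView"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "chrome.exe"},
]

def webview_args(command_line):
    """Pull the host name and user data folder out of a WebView2 command line."""
    return {key: quoted or bare
            for key, quoted, bare in ARG_RE.findall(command_line)}

def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    if PureWindowsPath(event["image"]).name.lower() != "msedgewebview2.exe":
        return []  # not a WebView2 runtime launch
    args = webview_args(event["command_line"])
    parent = event["parent_image"]
    # Fall back to the parent image name if the host argument is absent.
    host = args.get("webview-exe-name", PureWindowsPath(parent).name).lower()
    reasons = []
    if host not in APPROVED_HOSTS:
        reasons.append(f"unapproved WebView2 host: {host}")
    if any(folder in parent.lower() for folder in USER_WRITABLE):
        reasons.append("host runs from a user-writable folder")
    return reasons

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["parent_image"], "->", triage(ev) or "ok")
```

A hit is a prompt for review, not proof of compromise: many legitimate applications embed WebView2, so the allowlist has to reflect what is actually deployed.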

Conclusion

Even security measures like MFA can be bypassed with this phishing approach. Experts therefore advise using anti-malware software such as Microsoft Defender at all times, refraining from installing programs from unreliable sources, and following proper cyber security practices.

IEMA IEMLabs