New Attack Method Devised to Abuse Microsoft WebView2 and Bypass MFA



Attackers may use a new phishing technique that abuses Microsoft Edge WebView2 applications to steal victims’ authentication cookies and bypass MFA when logging in to accounts.

A new phishing method

WebView2-Cookie-Stealer is a brand-new phishing technique created by researcher mr. d0x.

The researcher built a proof-of-concept WebView2 executable for the attack, which opens a legitimate Microsoft login form.

The technique lets an attacker steal authentication cookies and log keystrokes by injecting JavaScript into a webpage that the application loads.

The researcher also showed that, simply by copying a user’s current Chromium profile, the WebView2 application could be used to steal cookies from an existing Chrome user profile.

How is the attack carried out?

According to the researcher, the attack relies on social engineering and requires the victim to open a malicious program.

When launched, the program displays a legitimate website’s login form.

Nothing about the login form looks suspicious: there are no typos or odd domain names.

Because the WebView2 app can inject JavaScript into the page, whatever the user types is sent back to the attacker’s web server.

As a result, once the user logs in, the program has access to any cookies delivered by the remote server.


This phishing approach can bypass even security measures like MFA. Experts therefore advise using anti-malware software such as Microsoft Defender at all times, not installing programs from unreliable sources, and following good cybersecurity practices.
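
As an added defensive example (not part of the researcher's proof of concept or the original article), the Python below triages endpoint telemetry for the two behaviours described above: a WebView2 runtime hosted by an unapproved executable, and a non-browser process reading Chrome profile data. The event fields, the allow list, and all sample paths and names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

ALLOWED_HOSTS = {"contoso.exe"}   # hypothetical allow list of approved WebView2 apps
BROWSERS = {"chrome.exe"}         # processes expected to touch the Chrome profile
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
CHROME_PROFILE = "\\google\\chrome\\user data\\"

# Constructed sample telemetry (field names are assumptions, not a real log schema).
# "image" is the acting executable; for "process" events it is the WebView2 host app.
WV2 = r'"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\msedgewebview2.exe"'
COOKIES = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
EVENTS = [
    {"type": "process", "image": r"C:\Program Files\Contoso\App\contoso.exe",
     "cmdline": WV2 + " --embedded-browser-webview=1 --webview-exe-name=contoso.exe"},
    {"type": "process", "image": r"C:\Users\alice\Downloads\invoice_viewer.exe",
     "cmdline": WV2 + " --embedded-browser-webview=1 --webview-exe-name=invoice_viewer.exe"},
    {"type": "file_read", "image": r"C:\Users\alice\Downloads\invoice_viewer.exe",
     "path": COOKIES},
    {"type": "file_read", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": COOKIES},
]

def flag(event):
    """Return the reasons an event deserves analyst review (empty list = no finding)."""
    reasons = []
    image = event["image"].lower()
    name = PureWindowsPath(image).name
    if event["type"] == "process" and "msedgewebview2.exe" in event["cmdline"].lower():
        # A WebView2 login window hosted by an unknown app is the core of the technique.
        if name not in ALLOWED_HOSTS:
            reasons.append("WebView2 host not on allow list")
        if any(part in image for part in USER_WRITABLE):
            reasons.append("WebView2 host runs from user-writable path")
    elif event["type"] == "file_read":
        # Reading or copying the Chromium profile exposes existing session cookies.
        if CHROME_PROFILE in event["path"].lower() and name not in BROWSERS:
            reasons.append("non-browser process read Chrome profile data")
    return reasons

def triage(events):
    """Group review reasons by the executable that triggered them."""
    findings = {}
    for ev in events:
        for reason in flag(ev):
            findings.setdefault(ev["image"], []).append(reason)
    return findings

if __name__ == "__main__":
    for image, reasons in triage(EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

Neither signal is conclusive on its own; legitimate applications also embed WebView2, so the allow list needs to reflect the software actually approved in the environment.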
