
Researcher Discovers New MFA-bypassing Phishing Technique Based on Microsoft WebView2

Vlad CONSTANTINESCU

June 27, 2022


A cybersecurity researcher discovered a new phishing technique that leverages Microsoft WebView2 applications to bypass Multi-Factor Authentication (MFA) and steal login cookies.

The researcher behind the discovery, known as mr.d0x, also published a Browser-in-the-Browser (BITB) attack technique earlier this year.

The newly discovered technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies and log in to their accounts even if they’re MFA-protected. The attack is possible through JavaScript injection piggybacking on a built-in WebView2 function.

In the example, mr.d0x used a specially crafted WebView2 application that loaded a JavaScript keylogger injected into a legitimate Microsoft login form. The researcher also showed how the keylogger could fetch keystrokes from within the decoy application.

Retrieving a victim’s login credentials is not nearly enough nowadays, considering that MFA has slowly become standard. However, as mr.d0x showed in the proof-of-concept demonstration, WebView2 also offers cookie extraction capabilities.

“WebView2 also provides built-in functionality to extract cookies,” says the researcher. “This allows an attacker to extract cookies after the user authenticates into the legitimate website.”

In this situation, attackers could simply wait until the victim authenticates to the legitimate website displayed inside the malicious app and then extract the authentication cookies. This eliminates the need for additional MFA-bypassing or cookie extraction tools.

To make matters worse, the researcher disclosed that WebView2 can also “steal all available cookies for the current user” and that this claim “was successfully tested on Chrome.”

As vicious as this attack may seem, it still requires some social engineering. The victim must first download the malicious file, execute it, then log into their account using the keylogger-infected form within the app.

“This technique has its pros and cons,” as mr.d0x puts it. “The clear trade-off is a binary must be executed on the host machine and the user must enter the credentials into the application.”

To protect yourself against this type of attack, follow healthy cybersecurity protocols, such as:

  • Avoid downloading files from unknown sources, including websites, emails, or URLs in messages
  • Don’t open suspicious links, especially if you don’t know the sender
  • Don’t open unknown attachments, whether they’re documents or executables
  • Avoid entering your credentials into untrusted or unknown applications
