“`html
CNBC AI News – June 2nd
Security firm SquareX has issued a stark warning: a new phishing technique dubbed “Browser in the Middle” is making the rounds, potentially allowing hackers to pilfer sensitive user data, including account credentials, right under their noses.
This insidious tactic, essentially a sophisticated form of man-in-the-middle attack, leverages deceptive tactics. It works by presenting users with convincing—yet fake—login pop-up windows, tricking them into divulging their usernames and passwords, thereby handing over the keys to their digital kingdoms.
The vulnerabilities exploited by “Browser in the Middle” are rooted in design flaws prevalent in widely used web browsers like Chrome, Edge, and Safari. Attackers are exploiting the browsers’ Fullscreen API to display these fraudulent login screens in “full screen” mode. This sleight of hand successfully obscures the real website’s URL, further enhancing the illusion and the likelihood of a successful phishing attempt.
Researchers are quick to point out that the Fullscreen API functions aren’t explicitly defined for third-party websites, which gives threat actors the room they need to maneuver. Attackers are thus able to embed a bogus “login” button directly onto the deceptive pop-up window.
When clicked, the user encounters an abrupt shift to a full-screen view. It’s a clever distraction, making it less likely for the user to notice the missing or incorrect URL in the address bar, which would give away the charade.
The report highlights that Apple’s Safari browser is at the highest risk because its transition to full-screen mode offers no visual cues or warnings. While Chromium-based browsers like Chrome and Edge do give a brief indication, it’s typically only visible for a few seconds – often not enough to alert the user to the potential danger.
“`
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source:https://aicnbc.com/1547.html
