Hackers Can Use ‘App Mode’ in Chromium Browsers for Stealth Phishing Attacks

From thehackernews.com

Advanced Phishing Attacks

A newly demonstrated phishing technique shows that the Application Mode feature in Chromium-based web browsers can be abused to create “realistic desktop phishing applications.”

Application Mode is designed to offer a native-like experience: the website launches in a separate browser window that displays the website’s favicon and hides the address bar.

According to security researcher mr.d0x, who also devised the browser-in-the-browser (BitB) attack method earlier this year, a bad actor can leverage this behavior, using some HTML/CSS trickery to display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms.
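For defenders, one way to surface this behavior is to review process-creation logs for Chromium browsers started in Application Mode against a site the organization did not deploy. The following is an added example, not code from the article or the researcher; it assumes Application Mode is started with Chromium's `--app=<url>` command-line switch, and the field names, allowlist and sample events are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions (not from the article): binary names to watch and the hosts
# the organization itself deploys as app-mode shortcuts.
CHROMIUM_BINARIES = {"chrome.exe", "msedge.exe", "brave.exe", "chrome", "chromium"}
ALLOWED_APP_HOSTS = {"intranet.example.com"}

# --app=<url> starts Application Mode; --app-id=<id> (an installed web app)
# is deliberately not matched because "=" must directly follow "--app".
APP_FLAG = re.compile(r'(?:^|\s)--app=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def triage(events):
    """Return findings for browsers started in app mode on a non-allowlisted target."""
    findings = []
    for ev in events:
        exe = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        match = APP_FLAG.search(ev["command_line"])
        if exe not in CHROMIUM_BINARIES or not match:
            continue
        target = match.group(1) or match.group(2)
        url = urlparse(target)
        if url.scheme not in ("http", "https"):
            reason = "non-web target"
        elif (url.hostname or "").lower() not in ALLOWED_APP_HOSTS:
            reason = "host not allowlisted"
        else:
            continue  # sanctioned app-mode shortcut
        findings.append({"computer": ev["computer"], "target": target, "reason": reason})
    return findings

# Constructed sample events (field names modelled on process-creation logs).
SAMPLE_EVENTS = [
    {"computer": "WS01", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --app=https://intranet.example.com/dash"},
    {"computer": "WS02", "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "command_line": "msedge.exe --app=https://login.example.net/signin"},
    {"computer": "WS03", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --profile-directory=Default --app-id=constructedappid"},
    {"computer": "WS04", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": 'chrome.exe --app="file:///C:/Users/Public/page.html"'},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Because the address bar is hidden in this mode, the launch command line is one of the few places the real destination is still visible to a reviewer.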
