A security researcher has presented a new phishing method that abuses Microsoft Edge WebView2 applications. The attack bypasses multi-factor authentication and defeats an important security feature.
The online magazine Bleeping Computer reports on an advanced phishing method targeting Windows users. In general, multi-factor authentication (MFA) makes access to sensitive data more difficult, but once this hurdle is overcome, an attack from the outside is relatively easy. The security researcher mr.d0x has now introduced a method that uses Microsoft Edge WebView2 applications to steal a user's authentication cookies. However, this only works if the attacker has already obtained the credentials for the accounts he wants to take over through other leaks. Stealing the MFA is just the last step.
WebView2 Cookie Stealer
A telltale map
However, the real strength of this type of application is its ability to steal all cookies sent by the remote server after user login, including authentication cookies. As mr.d0x explained to BleepingComputer, the application creates a folder with Chromium user data when it runs for the first time and then uses that folder for each subsequent installation.
The malicious application uses a built-in WebView2 interface to export the website's cookies after successful authentication and return them to the attacker. Once the attacker has decoded the base64-encoded cookies, they have full access to the website's authentication cookies and can use them to log in to the user's account. However, the exploitability of this vulnerability is limited, as victims must first load an executable program, which the hacker then uses to initiate access.
This can also happen undetected, for example via email attachments, random downloads from the internet, cracks, and warez or game cheats. “This social engineering technique requires an attacker to persuade a user to download and run a malicious application,” Microsoft told Bleeping Computer in a statement about the new technique. Microsoft advises: “We encourage users to use safe computer habits, avoid running or installing applications from unknown or untrusted sources, and keep Microsoft Defender (or other anti-malware software) up to date.”
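A defender's check for the user data folder described above, as an added example that is not from the original article or from mr.d0x: it walks a directory tree for WebView2 user data folders and ranks first those that sit in download-style locations and already hold a cookie store. It assumes the WebView2 default layout (`<exe name>.WebView2\EBWebView` beside the executable), so an application that sets its own user data location is not found this way; the directory names treated as risky and the sample tree are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumption: an app that sets no custom location gets the WebView2 default,
# a "<host exe name>.WebView2" folder beside the executable, with the
# Chromium profile in its "EBWebView" subfolder.
UDF_SUFFIX, PROFILE_DIR = ".WebView2", "EBWebView"
# Assumption: directory names where user-delivered binaries usually land.
RISKY_PARTS = {"downloads", "desktop", "temp", "tmp"}


def find_udfs(root):
    """Return one finding per WebView2 user data folder below root."""
    root, findings = Path(root), []
    for dirpath, dirnames, _ in os.walk(root):
        for name in [d for d in dirnames if d.endswith(UDF_SUFFIX)]:
            udf = Path(dirpath) / name
            if not (udf / PROFILE_DIR).is_dir():
                continue
            dirnames.remove(name)  # do not walk into the profile itself
            host = Path(dirpath) / name[: -len(UDF_SUFFIX)]
            rel = {p.lower() for p in udf.relative_to(root).parts}
            findings.append({
                "udf": udf.relative_to(root).as_posix(),
                "host_present": host.is_file(),
                "cookie_db": any(p.is_file() for p in udf.rglob("Cookies")),
                "risky_location": bool(rel & RISKY_PARTS),
            })
    # Folders in risky locations that already hold a cookie store come first.
    return sorted(findings, key=lambda f: (not f["risky_location"],
                                           not f["cookie_db"], f["udf"]))


def build_sample_tree(base):
    """Constructed sample layout (not real data) for a dry run."""
    base = Path(base)
    bad = base / "Users/alice/Downloads"
    good = base / "Program Files/Vendor"
    (bad / "viewer.exe.WebView2/EBWebView/Default/Network").mkdir(parents=True)
    (bad / "viewer.exe.WebView2/EBWebView/Default/Network/Cookies").write_bytes(b"")
    (bad / "viewer.exe").write_bytes(b"")
    (good / "app.exe.WebView2/EBWebView/Default").mkdir(parents=True)
    (good / "app.exe").write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_udfs(build_sample_tree(tmp)):
            print(finding)
```

A hit is a lead for review, not a verdict: legitimate WebView2 applications create the same folder, so the location and the host executable's origin decide what to look at next.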
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.