The new phishing POC opens the legitimate Microsoft login form using the embedded WebView2 control. Microsoft Edge WebView2 allows apps to load any web page into a native application and make it look as if they have opened those applications in Microsoft Edge. Microsoft Edge WebView2 allows developers to embed a web browser directly into their native apps with Microsoft Edge. The new phishing technique, known as the WebView2-Cookie-Stealer consist of a WebView2 executable that opens the login of a legitimate website from inside the application. Artificial Intelligence (948) Auto Tech (47) Blockchain (175) CanadianCIO (97) Careers & Education (4437) Channel Strategy (36) Cloud (2095) Communications & Telecom (430) Companies (1080) Data & Analytics (1300) Development (744) Digital Transformation (1242) Distribution (127) Diversity & Inclusion (68) Ecommerce (93) Editorial (1) Emerging Tech (24227) End User Hardware (56) Engineering (80) Financial (169) FinTech (92) Future of Work (351) Governance (107) Government & Public Sector (6099) Human Resources (867) Infrastructure (8526) IoT (6174) ITWC Morning Briefing (132) Leadership (4296) Legal (165) Legislation (178) Managed Services & Outsourcing (4314) Marketing (62) MarTech (3) Medical (32) Mobility (3430) Not For Profit (23) Open Source (30) Operations (86) People (151) Podcasts (2073) Privacy (649) Project Management (1099) Security (8068) Service (44) Smart Home (18) SMB (59) Social Networks (206) Software (4172) Supply Chain (124) Sustainability (118) Tech in Sports (5) Women in Tech (191)Ĭybersecurity researcher mr.dox has developed a new phishing method that uses Microsoft Edge WebView2 applications to steal a user’s authentication cookies and log into stolen accounts, even if they are secured with MFA.
0 Comments
Leave a Reply. |