This new attack on Windows leaks a lot of your data

New Phishing attack on Windows

A phishing attack basically consists of luring the victim into opening a link or installing a program that is actually a scam. The victim may be asked to click on something to fix an error, for example, but any data they enter ends up on a server controlled by the attacker.

What this new phishing method does is bypass two-factor authentication. When we log in to a platform, such as a social network or any online service, we often have to enter a code that we receive by SMS, e-mail or an application, in addition to the password. This usually happens the first time we log in from a computer. From then on the browser stores cookies with the credentials, so the service treats us as the legitimate user and does not ask for the code again on that computer, or at least not for a while.

What this new phishing attack does is steal those cookies. It abuses Microsoft Edge WebView2, which allows the attacker to steal account credentials, bypass two-factor authentication and exfiltrate cookies. But what is WebView2? It is a component that allows developers to incorporate web content into their Windows applications. They can embed HTML, CSS and JavaScript code in a custom app and use Microsoft Edge to render the web content.

It is a genuinely interesting feature, but unfortunately an attacker can exploit it to launch this kind of threat. The attack takes advantage of WebView2's ability to run JavaScript. The security researcher mr.dox managed to inject malicious code into legitimate sites using WebView2. Because the site was legitimate, it did not set off any alarms, and he was able to launch the phishing attack and steal the authentication cookies. In addition, the attack is capable of stealing all the cookies of the active user. For example, it could steal user data from Chrome and other browsers. This includes passwords, bookmarks, personal information…


How to avoid these attacks

A key point is that this type of attack requires the victim to install a fake program. That program is what allows this Microsoft Edge functionality to be exploited, so that the attacker can steal the cookies and thereby gain access to the victim's passwords and all kinds of other information.

Therefore, the most important thing is common sense. Never install an application without really knowing what it is about, without knowing if the source is trustworthy. It is essential to go to official sites or legitimate app stores. This way you will avoid installing software that could have been maliciously modified.
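As an added example (not from the original article or from Microsoft), this PowerShell script lists the applications currently hosting WebView2 on a machine and shows whether each host executable has a valid Authenticode signature, so unknown or unsigned hosts can be reviewed. It assumes the host application is the parent process of its `msedgewebview2.exe` processes; the variable and column names are chosen for this example.

```powershell
# Added example: inventory the apps that currently embed Edge WebView2.
# Assumption: a host app is the parent of its msedgewebview2.exe processes.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Collect the distinct host executables behind every WebView2 process.
$hostPaths = @{}
foreach ($wv in ($procs | Where-Object { $_.Name -ieq 'msedgewebview2.exe' })) {
    $parent = $byPid[[int]$wv.ParentProcessId]
    $depth = 0
    # Climb past WebView2's own helper processes (renderer, GPU, utility).
    while ($parent -and $parent.Name -ieq 'msedgewebview2.exe' -and $depth -lt 16) {
        $parent = $byPid[[int]$parent.ParentProcessId]
        $depth++
    }
    # ExecutablePath is empty when the parent has exited or is protected.
    if ($parent -and $parent.ExecutablePath) {
        $hostPaths[$parent.ExecutablePath] = $parent.ProcessId
    }
}

# Check the signature of each host and mark the ones that need a closer look.
$report = foreach ($path in $hostPaths.Keys) {
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        HostPid   = $hostPaths[$path]
        HostPath  = $path
        Signature = $sig.Status
        Signer    = $signer
        # A valid signature is not proof of trust; a missing or broken one
        # on an app you do not recognise is a reason to investigate.
        Review    = ($sig.Status -ne 'Valid')
    }
}

$report | Sort-Object -Property Review -Descending | Format-Table -AutoSize -Wrap
```

Run it in a normal PowerShell session while the applications in question are open; hosts running under other accounts may only appear from an elevated session.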

It is also essential to keep everything updated. Vulnerabilities commonly arise in browsers, the operating system or any other installed program. The developers themselves release patches and updates to correct these bugs. Therefore, if you always keep everything updated you can avoid many problems.

Likewise, having a security program is essential. A good antivirus can alert you if you mistakenly download a threat or install a program that is actually malware. Windows Defender, for example, is a good option. Of course, it is important to watch out for false positives in Windows antivirus software: sometimes it can flag something as a threat that is not really one.
