MY BRAND BOOK The BITB attack makes phishing almost undetectable

The BITB attack makes phishing almost undetectable

By MYBRANDBOOK

An unfamiliar phishing technique called browser-in-the-browser (BitB) attack can be exploited to imitate a browser window within the browser in order to trick a legitimate domain, thereby making it possible to stage convincing phishing attacks.

In early 2020, a campaign that leveraged the BitB trick to siphon credentials for video game digital distribution service Steam by means of fake Counter-Strike: Global Offensive websites was discovered.

According to penetration testers and security researchers, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft).

While the default behavior is to be greeted by a pop-up window to complete the authentication process when a user attempts to sign in via these methods, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window.

Potential victims need to be redirected to a phishing domain that can display such a fake authentication window for credential harvesting, while this method significantly makes it easier to mount effective social engineering campaigns.

Normally, the measures taken by a user to detect a phishing site include checking to see if the URL is legitimate, whether the website is using HTTPS, and whether there is any kind of homograph in the domain, among others. In this case, everything looks fine as the domain is steamcommunity[.]com, which is legitimate and is using HTTPS. But when it is tried to drag this prompt from the currently used window, it disappears beyond the edge of the window as it is not a legitimate browser pop-up and is created using HTML in the current window.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

The rise in internet usage has opened the doors to conduct cyber-attacks

How Technology companies are bringing innovative solutions during COVID-19

India is the fastest growing digital economies, Shaping Towards the New Normal

COVID-19 Brings Opportunity For Businesses To Tide Over The Current Crisis

Digital banking brings revolution during COVID-19

INTERVIEWS

Bolstering its commitment to help build a truly self-reliant B

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

Alpha Max offers high end solutions in the network space to en

The vision at Alpha Max is to attain quality as the trademark and create a

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

BPE INDIA PVT. LTD.

MATRIX COMSEC PVT. LTD.

HP INDIA SALES PVT. LTD.

MICROTEK INTERNATIONAL PVT. LTD.

EMINENT CIO'S OF INDIA

AI SYSTEMS ARE ENABLING A SEISMIC SHIFT IN THE WORLD OF CYBERSECURITY

AI’s analytical prowess enables it to analyze an...

HARNESSING THE POWER OF BIG DATA TO GAIN VALUABLE INSIGHTS

A Technology certainly drives innovation and busin...

GAINING CUSTOMERS’ TRUST IS ESSENTIAL FOR SMOOTH OMNICHANNEL INTERACTIONS

In the fiscal year 2024-25, our organization has i...

ICONS OF INDIA

ICONS OF INDIA : VINAY SINHA

Vinay Sinha is the Managing Director of Sales for the India Mega Regio...

ICONS OF INDIA : SUNIL BHARTI MITTAL

Sunil Bharti Mittal is the Founder and Chairman of Bharti Enterprises,...

Icons Of India : GAUTAM ADANI CHAIRMAN ADANI GROUP

Gautam Adani is the Founder and Chairman of the Adani Group, which ran...

PARTNER SPEAKERS

"We will either find a way or make one"

A provider of high-quality IT products and services, Bluecom Infotech caters t...

Gauging Brand Awareness with Data-Driven insights

Arrow PC Network utilizes data-driven insights extensively to gauge brand awar...

A Trusted IT Partner Renowned For Reliability, Expertise, and Customer-Centricity

Fast paced changes in digital technology and constant innovations are impactin...

PSU

GeM - Government e Marketplace

GeM is to facilitate the procurement of goods and services by various ...

EESL - Energy Efficiency Services Limited

EESL is uniquely positioned in India’s energy sector to address ener...

BEL - Bharat Electronics Limited

BEL is an Indian Government-owned aerospace and defence electronics co...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024: DELL TECHNOLOGIES INC.

Dell Technologies has been at the forefront of developing edge computing solut...

Most Trusted Brands 2024: HCL TECHNOLOGIES LTD.

HCL Technologies Ltd. (HCLTech) has been at the forefront of technological inn...

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Satya Nadella, Chairman & CEO- Microsoft

Satya Nadella, the Chairman and CEO of Microsoft, recently emphasized ...

Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies

Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY