Recent AD News

Phishing has become more untraceable with this novel technique

A new UI redressing technique, known as Browser In The Browser (BITB), has given phishing a shot in the arm by making such attacks nearly untraceable in their design. The method steals login credentials by presenting a realistic replica of the third-party SSO login window to which a website’s login page (Instagram, Facebook, Twitter, etc.) usually redirects. For instance, if a user signs in to a website via Google, the BITB attacker spoofs Google’s authentication window to dupe the user into giving up their credentials.

According to the pseudonymous cybersecurity researcher mr.dox, BITB attacks, under the guise of a reliable URL domain, are executed by faithfully replicating the window’s design using HTML/CSS techniques. The designed window is then combined with an iframe that points to a malicious server hosting the phishing page.

The article also pointed to a GitHub link that contains templates of fake login windows for Windows and Mac OS X browsers, created by mr.dox for testing purposes.

To avoid such attacks, users should try resizing or scrolling the popup window before authenticating; if the window fails to respond accordingly, it is fake. However, well-written JavaScript can respond to such commands with precision, and these actions can be hard to perform in a mobile browser. Another method of mitigation is to deploy password managers that can efficiently maintain federated identities and secure them from malicious pages.
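Why a password manager helps here, as an added example (not code from the article or from any real password manager): a simplified model of origin-bound autofill, where the decision depends on the real origin of the document holding the form and never on the URL text a page draws. The vault contents, the `.example` URLs, the function names and the strict cross-origin rule are assumptions made for illustration.

```javascript
// Simplified model of origin-bound autofill (illustrative, constructed data).
// Credentials are keyed by the exact origin they were saved on.
const vault = new Map([
  ["https://accounts.google.com", { username: "alice@example.com" }],
]);

// Origin (scheme + host + port) of an https URL, or null for anything else.
function httpsOrigin(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// ctx.frameUrl     : URL of the document that actually contains the login form
// ctx.topUrl       : URL of the top-level page in the real browser window
// ctx.displayedUrl : text drawn in the simulated address bar (deliberately ignored)
function autofillDecision(ctx) {
  const frameOrigin = httpsOrigin(ctx.frameUrl);
  const topOrigin = httpsOrigin(ctx.topUrl);
  if (!frameOrigin || !topOrigin) return { fill: false, reason: "not-https" };
  if (!vault.has(frameOrigin)) {
    return { fill: false, reason: "no-credential-for-origin" };
  }
  // Assumed conservative policy: never fill a form framed by another origin.
  if (frameOrigin !== topOrigin) return { fill: false, reason: "cross-origin-frame" };
  return { fill: true, reason: "origin-match", username: vault.get(frameOrigin).username };
}

// Constructed contexts: a genuine SSO popup and a BITB window drawn inside a page.
const genuinePopup = {
  topUrl: "https://accounts.google.com/signin",
  frameUrl: "https://accounts.google.com/signin",
  displayedUrl: "https://accounts.google.com/signin",
};
const bitbWindow = {
  topUrl: "https://shop.example/login",
  frameUrl: "https://sso-login.example/google",
  displayedUrl: "https://accounts.google.com/signin",
};

console.log(autofillDecision(genuinePopup)); // fill offered
console.log(autofillDecision(bitbWindow));   // no fill: origin has no saved credential
```

A missing autofill offer on what looks like a familiar login window is therefore a signal worth teaching users to notice.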
