This Google Chrome tool could actually be used to steal login data

Researchers have discovered that Google Chrome’s application mode can be exploited for phishing threats.

Application mode is used to provide ChromeOS users with a clean, minimal interface to certain websites such as YouTube. When it is launched, a new browser window is displayed without the address bar, toolbars, or other familiar elements – even the taskbar displays the website’s favicon instead of the Chrome icon.

But this mode can be exploited, cybersecurity researcher mr.d0x discovered. If an attacker succeeds in convincing a user to run a Windows shortcut that executes a phishing URL using Chromium’s application mode, the user will only see what appears to be the login form for an app. However, in reality it would be a phishing page stealing people’s credentials.

Shortcut Files

Ever since Microsoft started killing malicious Office files, cybercriminals have increasingly turned to Windows shortcut files (.LNK).

Cybersecurity experts have since discovered countless attack campaigns that have successfully used .LNK files to deliver all sorts of viruses and malware, from QBot to BazarLoader and everything in between.

Explaining this new potential method, mr.d0x says that an attacker can use a shortcut file to launch a phishing applet on the victim’s endpoint:

  • For Chrome:
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com
  • For Microsoft Edge:
    "c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://example.com

There are multiple ways to exploit this flaw, added mr.d0x, including accessing the target device, using a portable HTML file with the “--app” parameter embedded, or using the Browser-in-the-Browser technique to add a fake address bar. Finally, the attack could also be carried out on macOS and Linux devices, he said.
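Defenders can look for these launches in process-creation telemetry. The Python below is an added example, not code from mr.d0x or the original article: it flags Chromium-family browsers started with --app= whose target is not an allowlisted HTTPS host. The browser names, the allowlist and the sample command lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Chromium-family binaries to watch (assumption: extend for your fleet)
BROWSERS = {"chrome.exe", "msedge.exe", "chrome", "google-chrome", "chromium", "msedge"}
# Hosts legitimately deployed as app-mode shortcuts (hypothetical allowlist)
ALLOWED_APP_HOSTS = {"www.youtube.com"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def split_cmdline(cmdline):
    """Split a command line into tokens, honouring double-quoted paths."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]

def app_mode_finding(cmdline):
    """Return None, or a dict describing a browser launched in application mode."""
    tokens = split_cmdline(cmdline)
    if not tokens:
        return None
    exe = re.split(r"[\\/]", tokens[0])[-1].lower()
    if exe not in BROWSERS:
        return None
    for arg in tokens[1:]:
        if arg.lower().startswith("--app="):
            target = arg[len("--app="):].strip('"')
            url = urlsplit(target)
            host = (url.hostname or "").lower()
            reasons = []
            if url.scheme != "https":  # file:// or http:// app windows
                reasons.append("non-https target")
            if host not in ALLOWED_APP_HOSTS:
                reasons.append("host not in allowlist")
            return {"browser": exe, "target": target, "host": host,
                    "suspicious": bool(reasons), "reasons": reasons}
    return None

SAMPLE_EVENTS = [  # constructed process-creation command lines
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com',
    r'"c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://www.youtube.com/',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com',
    r'/usr/bin/google-chrome --app=file:///tmp/login.html',
]

def triage(events):
    """Keep only app-mode launches that fail the allowlist or scheme check."""
    return [f for f in map(app_mode_finding, events) if f and f["suspicious"]]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The same check can be run against the arguments stored in .LNK files, since the shortcut is the delivery vehicle described above.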

Via: BleepingComputer
