
"BitB was first documented by security researcher mr.d0x in March 2022, detailing how it's possible to leverage a combination of HTML and CSS code to create fake browser windows that can masquerade as login pages for legitimate services in order to facilitate credential theft. "BitB is principally designed to mask suspicious phishing URLs by simulating a pretty normal function of in-browser authentication - a pop-up login form," Push Security said."
"In one attack chain observed by the company, users who land on a suspicious URL ("previewdoc[.]us") are served a Cloudflare Turnstile check. Only after the user passes the bot protection check does the attack progress to the next stage, which involves displaying a page with a "Sign in with Microsoft" button in order to view a PDF document."
The Sneaky 2FA phishing-as-a-service (PhaaS) kit has added Browser-in-the-Browser (BitB) capabilities to present fake in-browser login pop-ups that display legitimate Microsoft URLs while actually loading malicious iframes. Attackers host a landing page (e.g., previewdoc[.]us) that first presents a Cloudflare Turnstile bot check and then displays a "Sign in with Microsoft" button to view the content. Clicking the button opens an embedded BitB login window that captures credentials and session details and exfiltrates them to the attacker for account takeover. The BitB technique uses HTML/CSS to mimic browser chrome, masking the suspicious URL and allowing lower-skilled actors to scale phishing operations.
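As an added example that is not part of the article or of Push Security's research: a defensive heuristic, written here in JavaScript, that scans page HTML for the two BitB ingredients the summary describes, a fake address bar "showing" an identity-provider hostname while the page is actually served from elsewhere, plus an iframe that loads the real login form from a non-IdP origin. The IdP host list, the sample HTML and the hostnames are constructed assumptions for the demonstration.

```javascript
// Added heuristic, not from the article or any vendor. Hostnames and samples are constructed.
const IDP_HOSTS = ["login.microsoftonline.com", "login.live.com", "accounts.google.com"];

// Resolve an iframe src (possibly relative) against the page's own origin.
function frameHostname(src, pageHostname) {
  try { return new URL(src, "https://" + pageHostname + "/").hostname; } catch { return ""; }
}

// Returns { suspicious, findings }. "suspicious" is only set when BOTH indicators
// are present: text that mimics an IdP address bar on a non-IdP page, and an
// iframe whose login form does not come from a real IdP host.
function findBitbIndicators(html, pageHostname) {
  const findings = [];
  // Approximate visible text by dropping scripts and tags (heuristic; a real
  // detector would walk the DOM and only consider rendered text nodes).
  const visibleText = html.replace(/<script[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, " ");
  for (const host of IDP_HOSTS) {
    const onIdpItself = pageHostname === host || pageHostname.endsWith("." + host);
    if (visibleText.includes(host) && !onIdpItself) {
      findings.push({ kind: "spoofed-address-bar", host });
    }
  }
  const iframeRe = /<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = iframeRe.exec(html)) !== null) {
    const fh = frameHostname(m[1], pageHostname);
    if (!IDP_HOSTS.includes(fh)) findings.push({ kind: "login-frame-not-idp", frameHost: fh });
  }
  const suspicious = findings.some(f => f.kind === "spoofed-address-bar")
                  && findings.some(f => f.kind === "login-frame-not-idp");
  return { suspicious, findings };
}

// Constructed sample: a BitB "window" drawn with divs plus an iframe for the form.
const SAMPLE_BITB_HTML = `
<div class="fake-window">
  <div class="fake-titlebar">Sign in to your account</div>
  <div class="fake-urlbar">https://login.microsoftonline.com/common/oauth2/v2.0/authorize</div>
  <iframe src="/m/login.html" width="480" height="600"></iframe>
</div>`;

// Constructed benign sample: a blog post that merely mentions the IdP hostname.
const SAMPLE_BENIGN_HTML = `<p>Microsoft sign-in now goes to login.microsoftonline.com by default.</p>`;

console.log(findBitbIndicators(SAMPLE_BITB_HTML, "landing.example"));   // suspicious: true
console.log(findBitbIndicators(SAMPLE_BENIGN_HTML, "blog.example"));     // suspicious: false
```

The text check alone produces false positives (any page that mentions an IdP hostname), which is why the verdict requires the iframe indicator as well.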
Read at The Hacker News