A cybersecurity researcher has developed a new phishing technique that can bypass multi-factor authentication and steal login cookies through Microsoft Corp’s Edge WebView2.
Mrd0x also explains that WebView2 can be used to steal all cookies available to the current user in Google LLC’s Chrome. WebView2 allows an attacker to launch it with an existing User Data Folder, or UDF, rather than creating a new one. The UDF contains all of the user’s passwords, sessions and bookmarks.
The methodology could easily be used to steal cookies and import them using a simple Chrome extension such as “EditThisCookie,” Bleeping Computer reported Sunday. However, the most concerning aspect is that the attack methodology completely bypasses MFA, one-time passwords and security keys, as cookies are stolen after the user is already logged in.
“This attack demonstrates that while useful, MFA is not a magic bullet against phishing attacks,” Erich Kron, security awareness advocate at the awareness training firm KnowBe4 Security Inc., told SiliconANGLE. “Additional precautions must be taken to secure accounts and protect organizations from attack.”
Kron explained that the attack relies on a human taking a dangerous action – running a program downloaded from the internet – to begin its work. This makes it a much smaller threat to the average user than one that relies on a more easily disguised method. People who download pirated software or game cheats are especially exposed.
“To protect against such attacks, having a policy against downloading or running unapproved software or browser add-ons, and educating users about the dangers of running such software, may significantly reduce risk to the organization,” Kron added.