Researchers have found that Google Chrome’s app mode can be misused for phishing threats.
Application Mode is used to give ChromeOS users a clean, minimal interface for certain websites such as YouTube. When launched, it opens a new browser window without the address bar, toolbars, or other familiar elements; even the taskbar shows the website's favicon instead of the Chrome icon.
But this mode can be abused, cybersecurity researcher mr.d0x has found. If an attacker manages to convince a user to run a Windows shortcut that runs a phishing URL with Chromium’s app mode feature, the user will only see what appears to be the login form for an app. In reality, however, it would be a phishing page that steals people’s login data.
Ever since Microsoft decided to kill malicious Office files, cybercriminals have turned to Windows Shortcut Files (.LNK).
Cybersecurity experts have since uncovered countless attack campaigns that have successfully exploited .LNK files to deliver all kinds of viruses and malware, from QBot to BazarLoader and everything in between.
Explaining this potential new method, mr.d0x indicates that an attacker could use a shortcut file to launch a phishing “applet” on the victim’s terminal:
- For Chrome:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com
- For Microsoft Edge:
"c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://example.com
There are several ways to abuse this flaw, mr.d0x added, including gaining access to the target device, using a portable HTML file with the embedded “-app” parameter, or using the Browser-in-the-Browser technique to add a fake address bar. Finally, the attack can also be launched on macOS and Linux devices, he said.
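For defenders, the launch pattern described above is visible in process-creation telemetry. The following is an added example, not code from mr.d0x or the original article, that flags browser command lines started in app mode against a target outside an allowlist. The allowlist, the macOS/Linux binary names and the sample command lines are assumptions constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Browser binaries from the commands above, plus assumed macOS/Linux names.
BROWSERS = {"chrome.exe", "msedge.exe", "chrome", "google-chrome", "msedge", "microsoft-edge"}
# Hypothetical allowlist: hosts deliberately deployed as app-mode shortcuts.
ALLOWED_APP_HOSTS = {"www.youtube.com"}

# Constructed process-creation command lines (not taken from any real log).
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com',
    r'"c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://www.youtube.com',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com',
    r'/usr/bin/google-chrome -app="file:///tmp/login.html"',
    r'C:\Windows\System32\notepad.exe --app=https://example.com',
]

def split_cmdline(cmdline):
    """Tokenise a logged command line, keeping Windows backslashes literal."""
    lexer = shlex.shlex(cmdline, posix=True)
    lexer.whitespace_split = True
    lexer.escape = ""      # do not treat "\" in C:\... as an escape character
    lexer.commenters = ""  # "#" may legitimately appear in a URL fragment
    try:
        return list(lexer)
    except ValueError:     # unbalanced quote in the log: fall back to a plain split
        return cmdline.split()

def app_mode_finding(cmdline):
    """Return details if a browser is started in app mode on a non-allowlisted target."""
    args = split_cmdline(cmdline)
    exe = args[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if args else ""
    if exe not in BROWSERS:
        return None
    for arg in args[1:]:
        name, sep, target = arg.partition("=")
        # Match "--app" as in the commands above and "-app" as the text writes it.
        if not sep or not name.startswith("-") or name.lstrip("-").lower() != "app":
            continue
        url = urlsplit(target)
        host = (url.hostname or "").lower()
        if url.scheme in ("http", "https") and host in ALLOWED_APP_HOSTS:
            continue
        return {"browser": exe, "target": target, "host": host or None}
    return None

def scan(cmdlines):
    """Return (command line, finding) pairs for every flagged entry."""
    return [(c, f) for c in cmdlines if (f := app_mode_finding(c))]
```

The same check can be applied to the target and arguments of .LNK files collected from user-writable locations, since the shortcut is the delivery vehicle the article describes.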
Via: BleepingComputer