Browser-in-the-Browser Attack Makes Phishing Nearly Invisible


There’s another another way to dupe targets into handing over critical data: a coding ploy that’s undetectable to the human eye. A browser-in-the-browser (BitB) attack is a new phishing tactic unveiled last week by mr.d0x, a penetration tester and security researcher who goes by the moniker mr.d0x.

The new method makes use of third-party single sign-on (SSO) alternatives like ““Sign in with Google,”” Facebook, Apple, or Microsoft, which are incorporated on websites that display popup windows for authentication.

Read More…