New Attack Method Devised to Abuse Microsoft WebView2 and Bypass MFA


A new phishing method could take use of Microsoft Edge WebView2 applications to harvest victims’ authentication cookies, allowing hackers to log into accounts without utilising MFA. A proof-of-concept for the attack’s WebView2 executable, which launches a legitimate Microsoft login form, was made by the researcher.

The exploit enables an attacker to steal authentication cookies and log keystrokes by inserting JavaScript inside a webpage that is loaded by an application. Read More…