A developer discovers a phishing method in Chrome for mobile, dubbed the "inception bar".




Phishing is not really a new topic in cybersecurity, although we often see new and creative methods of carrying it out. One of these is the newly discovered and cleverly named "inception bar".

Courtesy of developer James Fisher, this simple trick has been demonstrated in Chrome for mobile and exploits the browser's behavior regarding the address bar. As you scroll down the screen, Chrome hides the address bar in order to give more space to the web page. This is exactly where the "Inception Bar" comes in.

As can be seen above, the proof of concept used the HSBC website to replace the actual website the user was on. This is done via something that Fisher calls a "scrolling prison", in which all the content of the page is trapped in a new element with `overflow: scroll`, creating a kind of browser within a browser (a reference to the early-2010s film and its dream-within-a-dream concept). Depending on the lengths the attacker is willing to go to, the fake address bar could even be made interactive.

To create a more elaborate illusion, the developer said that malicious actors could go as far as adding a "very tall padding element at the top of the scrolling prison." This would prevent Chrome from re-displaying the address bar when a user scrolls up, by simply scrolling the page back again whenever they try to scroll up to the top of the aforementioned scrolling prison. In effect, this would look like a page refresh.

Although the illusion can very well be broken by simply navigating to one of Chrome's menus, it is nevertheless a disconcerting, albeit very creative, way of carrying out a phishing attack.
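For defenders, the layout described above can be checked heuristically from page script or an extension content script. The following JavaScript is an added example, not code from James Fisher or the original article; the function name, the thresholds, the assumption that the fake bar is a fixed-position element, and the mock elements are all assumptions made for illustration.

```javascript
// Scores a page against the layout the article describes (0 = no match).
// Thresholds are assumptions. In a browser, call it as:
//   findScrollJail(document.body, getComputedStyle,
//                  { w: innerWidth, h: innerHeight })
function findScrollJail(body, styleOf, vp) {
  const kids = Array.from(body.children);
  // 1. An element pinned to the top edge of the viewport (candidate fake bar).
  const bar = kids.find((el) => {
    const s = styleOf(el), r = el.getBoundingClientRect();
    return (s.position === "fixed" || s.position === "sticky") &&
           r.top <= 0 && r.width >= vp.w * 0.9 && r.height <= vp.h * 0.25;
  });
  // 2. A scroll container that fills the viewport and holds the page content.
  const jail = kids.find((el) => {
    const s = styleOf(el), r = el.getBoundingClientRect();
    return ["scroll", "auto"].includes(s.overflowY) &&
           r.width >= vp.w * 0.9 && r.height >= vp.h * 0.9;
  });
  if (!jail) return { score: 0, reasons: [] };
  const reasons = ["page content sits in a viewport-sized scroll container"];
  if (bar) reasons.push("fixed bar pinned above the scroll container");
  // 3. A very tall, empty first child: the padding element that keeps the
  //    user from scrolling back up to where the real address bar reappears.
  const first = jail.children[0];
  if (first && first.textContent.trim() === "" &&
      first.getBoundingClientRect().height >= vp.h * 3) {
    reasons.push("tall empty padding element at top of scroll container");
  }
  return { score: reasons.length, reasons };
}

// Constructed sample: plain objects standing in for DOM elements.
const el = (style, rect, children = [], text = "") => ({
  style, children, textContent: text,
  getBoundingClientRect: () => rect,
});
const mockStyle = (e) => e.style;
const VP = { w: 400, h: 800 };
const samplePage = el({}, { top: 0, width: 400, height: 800 }, [
  el({ position: "fixed" }, { top: 0, width: 400, height: 56 }, [], "bank.example"),
  el({ overflowY: "scroll" }, { top: 0, width: 400, height: 800 }, [
    el({}, { top: 0, width: 400, height: 10000 }),
    el({}, { top: 10000, width: 400, height: 2000 }, [], "page content"),
  ]),
]);
console.log(findScrollJail(samplePage, mockStyle, VP));
```

A fixed header above a full-viewport scroll container also appears in legitimate single-page apps, so treat a score of 2 as a triage signal; the tall empty padding element is the more distinctive indicator.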

Source: James Fisher
