Hackers steal user account information through a browser-in-browser cyber attack

Information security operating in the field mr.dox nicknamed specialist GitHub-a phishing (phishing) placed the code of the tool. That phishing tool, in turn browser-in-browser allows you to carry out a kind of cyber attack. The phishing tool in question Chrome can be used to create fake windows in the browser. Through such fake windows, hackers can obtain user account information from various resources. Currently the usual login on many sites and already authorized in addition to the password social network accounts and including Google and Microsoft Authorization is possible through user accounts used for services.

This is during a browser-in-browser type cyber attack and or the user within the authorization of another web resource snowA false window appears on the window and you are asked to enter the user account information in that window. The real page in that fake browser window URL address is reflected. However, it cannot be edited. So. that, it is designed to convince the user that the page in question is the real page. Accordingly, after entering the user account information on such a fake page, that information falls into the hands of hackers.

It should be noted that, Hackers have tried to create fake authorization pages before. But it was easy to distinguish them from the real pages. This time, hackers can create fake windows that are no different from real browser windows. To do this, simply edit the URL in the templates, the name of the window and appropriate to present the window to the user iframeneed to create. The shape of the authorization window HTML code can be integrated into the template.