Warning for millions of Google Chrome users over simple but dangerous mistake

A LOOPHOLE in Google Chrome exposes users to cyber crooks.

According to a cyber researcher, the browser’s “App Mode” can be exploited to hit users with phishing attacks.

Hackers are exploiting a loophole in Google Chrome’s App Mode. Credit: Getty

The feature strips back websites so you can view them as apps, removing the address bar, toolbars and other familiar elements.

It’s a useful way to view a clean, minimal interface for websites such as YouTube – but hackers have found a way to exploit it.

That’s because it can be used to generate a realistic-looking login screen that’s actually a fake website operated by crooks.

The loophole was discovered by prominent cybersecurity researcher mr.d0x, who shared his find in a recent blog post.


He showed that an attacker can easily send a user a message containing a link that launches a phishing website in App Mode.

Because it opens in App Mode, the user will only see what appears to be a login for a popular app, such as Facebook or Instagram.

If the same link were opened in the regular version of Chrome, the user would clearly see the address bar with a suspicious URL.

Attackers could therefore use the loophole to easily disguise their phishing websites as legitimate ones.

Users who fall for the ploy would inadvertently surrender their social media account logins or possibly their online banking credentials.

According to mr.d0x, the most likely way to launch such an attack would be through Windows shortcut files (.LNK).

As well as Google Chrome, App Mode is available in all Chromium-based browsers, including Microsoft Edge.
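For defenders, the shortcut-based delivery described above leaves a trace in process-creation logs, because a Chromium browser started in App Mode carries the `--app=` command-line switch. The following is an added example, not code from mr.d0x or from the original article; the event field names, the browser list, the allowlist and the sample events are assumptions constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Chromium-based browsers to watch (assumed list; extend for your fleet).
BROWSERS = {"chrome.exe", "msedge.exe"}
# Hosts deliberately deployed as App Mode shortcuts (assumed allowlist).
ALLOWED_HOSTS = {"www.youtube.com"}

def app_mode_target(cmdline):
    """Return the --app= target if a Chromium browser was started in App Mode, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:                            # unbalanced quotes in the log line
        argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in BROWSERS:
        return None
    for arg in argv[1:]:
        arg = arg.strip('"')
        if arg.lower().startswith("--app="):
            return arg[len("--app="):].strip('"')
    return None

def triage(events):
    """Return (host, parent, url) for App Mode launches to hosts outside the allowlist."""
    hits = []
    for ev in events:
        url = app_mode_target(ev["cmdline"])
        if url and (urlsplit(url).hostname or "").lower() not in ALLOWED_HOSTS:
            hits.append((ev["host"], ev["parent"], url))
    return hits

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": "explorer.exe", "cmdline":
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://login.accounts-verify.test/signin'},
    {"host": "WS-014", "parent": "explorer.exe", "cmdline":
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://www.youtube.com/'},
    {"host": "WS-022", "parent": "explorer.exe", "cmdline":
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.bbc.co.uk/news'},
    {"host": "WS-031", "parent": "cmd.exe", "cmdline": r'notepad.exe --app=https://x.test/'},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("REVIEW:", *hit)
```

Only the first sample event is reported: the YouTube launch is allowlisted, the Edge launch is an ordinary window with an address bar, and the last process is not a browser.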

The Sun has reached out to Google for comment.

Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.

The website, however, is phoney with fake content designed to trick a victim into a false sense of security.

The phoney site may ask the victim to enter sensitive information, such as a password or email address.

Alternatively, it might encourage the user to download a seemingly innocuous app that installs malware onto their device.

Be suspicious of texts or emails sent to you from unknown numbers or addresses.

Importantly, do not click on a link or download an attachment sent to you by someone who you don’t know.

If you think you’ve fallen victim to a scam, you should contact your bank immediately to stop any outgoing payments.

You should also get your bank to look into a possible refund.


If you’ve handed over a password for an online account, phone up the organisation and get the account locked down. You may be able to get it reinstated at a later date.

In the UK, you can report a suspected scam email to the National Cyber Security Centre.

