Avast blog: Watch out for browser-in-the-browser attacks

A man-in-the-middle (MITM) attack consists of a victim, a website the victim would like contact with (such as a bank), and the attacker. The attacker inserts themselves between the victim and the targeted website with the intention to steal personal information such as login credentials, or bank account and credit card numbers. MITMs have consistently been an active development strategy for hackers.

There are several different types of these attacks, including ones that involve running software on a webpage that can infect your computer through your browser. One of them is gaining traction (from the attackers) and is what one security researcher calls browser-in-the-browser. The idea here is that a hacker can write some JavaScript code to present a pop-up window that is another phishing phony to lure you into typing your account information. Look at the two screens reproduced above: it is hard to figure out which is real and which is a threat.

I wrote about this for Avast’s blog here. One way to prevent this exploit is to use a secure browser (such as one from Avast or Brave).

One thought on “Avast blog: Watch out for browser-in-the-browser attacks

Leave a Reply to dstrom Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.