There is lots of online coverage of this exploit this morning, and looking into it you can see why. A secondary login pop-up window looks just like the real thing, but it is plumbed into a server that collects your credentials.

When we teach people how to avoid falling victim to phishing sites, we usually advise closely inspecting the address bar to make sure it does contain HTTPS and that it doesn't contain suspicious domains such as google.evildomain.com or substitute letters such as g00gle.com. But what if someone found a way to phish passwords using a malicious site that didn't contain these telltale signs? One researcher has devised a technique to do just that. He calls it a BitB, short for "browser in the browser." It uses a fake browser window inside a real browser window to spoof an OAuth page. Hundreds of thousands of sites use the OAuth protocol to let visitors log in using their existing accounts with companies like Google, Facebook, or Apple. Instead of having to create an account on the new site, visitors can use an account that they already have, and the magic of OAuth does the rest.

Pop-Up Login Windows

Quite often when we authenticate to a website via Google, Microsoft, Apple etc. we're provided a pop-up window that asks us to authenticate. The image below shows the window that appears when someone attempts to log in to Canva using their Google account.

You could do worse than to start with this body of work. The document lays out the cybersecurity threats posed by Russia, China, Iran, North Korea and transnational criminal organizations. Annual Threat Assessment of the US Intelligence Community: https://docs.house.gov/meetings/IG/IG00/20220308/114469/HHRG-117-IG00-Wstate-HainesA-20220308.pdf
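Returning to the browser-in-the-browser item above: the decoy's address bar is just painted pixels, so the URL a person sees is attacker-chosen text, while the origin the browser actually loaded the form from is unchanged. The added example below (not part of the original post or the researcher's work) models that gap with a credential-fill decision keyed on the real origin, the way a password manager decides whether to autofill. The function names, the `attacker.example` host and the scenario list are constructed for illustration; the `realOrigin` value stands in for what `window.location.origin` would report for the frame holding the login form.

```javascript
// Added example, not code from the original post. Models why a fill decision
// keyed on the browser-reported origin is immune to a painted address bar.
// All hosts and scenarios below are constructed sample values.

// Normalise an origin to scheme + lowercase host + explicit port so that
// comparisons are exact and a default port written out or omitted compares equal.
function canonicalOrigin(urlString) {
  const u = new URL(urlString);
  const defaultPort =
    u.protocol === "https:" ? "443" : u.protocol === "http:" ? "80" : "";
  const port = u.port || defaultPort;
  return `${u.protocol}//${u.hostname.toLowerCase()}:${port}`;
}

// Decide whether a stored credential may be filled into a login form.
// `storedFor` is the origin the credential was saved for; `realOrigin` is what
// the browser reports for the frame containing the form, never the text a decoy
// window draws in its fake bar. Only an exact HTTPS origin match qualifies, so a
// subdomain of an unrelated site (google.evildomain.com) or a lookalike
// (g00gle.com) is refused without any visual inspection at all.
function shouldAutofill(storedFor, realOrigin) {
  const expected = canonicalOrigin(storedFor);
  const actual = canonicalOrigin(realOrigin);
  if (!actual.startsWith("https:")) return false;
  return expected === actual;
}

// Constructed origin the credential was saved for (the identity provider).
const STORED_FOR = "https://accounts.google.com";

// Constructed scenarios. `painted` is what the user sees in the (real or fake)
// address bar; `realOrigin` is what the browser knows. A genuine OAuth popup is a
// separate top-level window at the provider's origin; a BitB decoy is HTML drawn
// inside the attacker's page, so its real origin is the attacker's even though
// the painted bar reads like the provider's.
const scenarios = [
  { name: "real popup",
    painted: "https://accounts.google.com/o/oauth2/auth",
    realOrigin: "https://accounts.google.com" },
  { name: "BitB decoy",
    painted: "https://accounts.google.com/o/oauth2/auth",
    realOrigin: "https://attacker.example" },
  { name: "subdomain lookalike",
    painted: "https://google.evildomain.com/login",
    realOrigin: "https://google.evildomain.com" },
  { name: "typo lookalike",
    painted: "https://g00gle.com/login",
    realOrigin: "https://g00gle.com" },
  { name: "downgraded to http",
    painted: "http://accounts.google.com/login",
    realOrigin: "http://accounts.google.com" },
];

// Run every scenario; note that `painted` is deliberately never consulted.
function evaluateScenarios() {
  return scenarios.map((s) => ({
    name: s.name,
    painted: s.painted,
    autofill: shouldAutofill(STORED_FOR, s.realOrigin),
  }));
}

for (const r of evaluateScenarios()) {
  console.log(`${r.name.padEnd(20)} bar shows ${r.painted}  -> autofill: ${r.autofill}`);
}
```

Only the first scenario is filled; the BitB decoy fails despite showing exactly the same text in its bar, which is the property a user inspecting the bar by eye cannot get.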