This new attack on Windows leaks a lot of your data

A new threat puts Windows systems and users' privacy at risk. It is a phishing attack that lets the cybercriminal take control of cookies and many other pieces of system data, which in turn allows them to log into the victim's accounts. We are going to explain exactly how it works and give some essential tips so that you can avoid the problem and improve your system's protection.

New Phishing attack on Windows


A phishing attack basically consists of luring the victim to a link, or into installing a program, that is actually fraudulent. The attacker may ask us to click on something to fix an error, for example, but any data we enter ends up on a server controlled by the attacker.

What this new phishing method does is bypass two-step authentication. When we log in to a platform, such as a social network or any online service, we often have to enter a code that we receive by SMS, e-mail or an application, in addition to the password. This usually happens the first time we log in from a computer. From then on the browser stores cookies with the credentials, the service treats us as the legitimate user, and it does not ask for the code again on that computer, or at least not for a while.

What this new phishing attack does is steal those cookies. It uses Microsoft Edge WebView2 functionality, which allows stealing account credentials, bypassing two-factor authentication, and exfiltrating cookies. But what is WebView2? It is a service that allows developers to incorporate web content into their Windows applications. They can embed HTML, CSS, and JavaScript code in a custom app and use Microsoft Edge to render the web content.

It is a genuinely useful feature, but unfortunately an attacker can exploit it to launch this kind of threat by taking advantage of its ability to run JavaScript. The security researcher mr.d0x managed to inject malicious code into legitimate sites using WebView2. Because the site is legitimate, it did not set off any alarms, and he was able to launch the phishing attack and steal the authentication cookies. In addition, the attack is capable of stealing all the cookies of the active user. For example, it could steal user data from Chrome and other browsers, including passwords, bookmarks, personal information…
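Why a copied cookie is enough to skip the second factor, shown from the server's side as an added example (not code from the original article or from the researcher). The `SessionStore` class, the `client_id` device identifier, the static one-time code and the sample account are all constructed assumptions for illustration.

```python
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed server-side secret
USERS = {"alice": {"password": "correct horse", "otp": "492817"}}  # constructed account

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

class SessionStore:
    """Toy model of a site that stops asking for 2FA once a session cookie exists."""
    def __init__(self, bind_to_client=False):
        self.bind_to_client = bind_to_client
        self.sessions = {}  # cookie value -> (user, client binding tag)

    def _tag(self, client_id):
        # Assumption: the server has some stable identifier for the client device.
        return hmac.new(SERVER_KEY, client_id.encode(), "sha256").hexdigest()

    def login(self, user, password, otp, client_id):
        """Full login: password AND second factor. Returns a cookie, or None."""
        account = USERS.get(user)
        if account is None or not (_same(password, account["password"])
                                   and _same(otp, account["otp"])):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = (user, self._tag(client_id))
        return cookie

    def request(self, cookie, client_id):
        """Later request: only the cookie is presented, no password and no code."""
        entry = self.sessions.get(cookie)
        if entry is None:
            return "login required"
        user, tag = entry
        if self.bind_to_client and not hmac.compare_digest(tag, self._tag(client_id)):
            del self.sessions[cookie]  # revoke; the next login needs 2FA again
            return "2FA required"
        return f"ok:{user}"

def demo(bind_to_client):
    """Same cookie presented by the owner's client, then by a different one."""
    site = SessionStore(bind_to_client)
    cookie = site.login("alice", "correct horse", "492817", "alice-laptop")
    owner = site.request(cookie, "alice-laptop")
    copied = site.request(cookie, "other-machine")
    return owner, copied
```

With `bind_to_client=False` the cookie alone identifies the user, so a copy is accepted anywhere; with binding enabled the mismatching client is sent back through the full login.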


How to avoid these attacks

A key point is that, in order to carry out this type of attack, the victim has to install a fake program. That program is what allows this Microsoft Edge functionality to be exploited, so that the attacker can steal the cookies and thereby gain access to the victim's passwords and all kinds of other information.

Therefore, the most important thing is common sense. Never install an application without really knowing what it is and whether its source is trustworthy. It is essential to use official sites or legitimate app stores. That way you avoid installing software that could have been maliciously modified.

It is also essential to keep everything up to date. Vulnerabilities commonly appear in browsers, the operating system or any other installed program, and the developers themselves release patches and updates to fix these bugs. If you always keep everything updated, you can avoid many problems.

Likewise, having a security program is essential. A good antivirus can alert you if you mistakenly download a threat or install a program that is actually malware. Windows Defender, for example, is a good option. Of course, it is important to avoid false positives in Windows antivirus: sometimes it can flag something that is not really a threat.