Beware of fake websites that look exactly like official ones; know how easily they are made

    A blog post on mrd0x.com shows that Chromium's application mode can be used to create realistic desktop phishing applications.

    By: HT TECH
    | Updated on: Oct 07 2022, 20:03 IST
    Here is all you need to know about phishing with chromium application mode. (Pixabay)

    Hackers are finding new and unique ways to compromise your desktop or other devices. A newly described phishing technique demonstrates that the Application Mode feature in Chromium-based web browsers, namely Google Chrome and Microsoft Edge, can be abused to create realistic desktop phishing applications. Describing the technique in a blog post, mrd0x.com said, "In this blog post I show how Chromium's application mode allows us to easily create realistic desktop phishing applications."

    The blog post further explained that Chromium-based browsers support the --app command-line flag. This flag launches a website in application mode, which does several things:

    1. Causes the site to be launched in a separate browser window

    2. The launched window is given a desktop application appearance rather than a browser appearance

    3. The Windows Taskbar displays the website's favicon rather than the browser's icon

    4. Launches the website while hiding the address bar.

    "We can see the Windows Taskbar is displaying the site's favicon as the icon," the blog post read.

    mrd0x.com further said, "Since application mode hides the address bar, it's up to us now to create the fake address bar. I used the address bar HTML/CSS from my BITB repo (it's signatured so avoid using it in a real engagement) and included it at the top of my site. The Windows Taskbar will display the website's icon and since I changed mine to Microsoft's logo, the taskbar will now reflect that."

    On external versus internal phishing, the blog post explained, "Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario. You can deliver these fake applications independently as files. Assuming that you've setup your phishing page with a fake address bar at the top, simply set the --app parameter to point to your phishing site."

    The post also noted that this method can be used to create a website that impersonates the appearance of desktop software. "You can impersonate Windows login prompts, VPN software, backup software and pretty much anything if you have basic HTML/CSS skills," the blog post read.

    On top of that, the phishing site can use JavaScript to take further actions, such as closing the window immediately after the user performs an action. Chromium's application mode also works on other operating systems.
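For defenders, the --app flag described above is visible in process-creation telemetry. The following is an added example, not code from the article or from mrd0x.com: a Python check that flags Chromium-family browsers started with --app= pointing at a target outside an allowlist. The browser list, the allowlisted host, the script-host parent heuristic and the sample records are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Chromium-family binaries to watch (assumed list; extend for your fleet).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chrome", "chromium"}
# Hypothetical allowlist: hosts your organisation opens in app mode on purpose.
ALLOWED_APP_HOSTS = {"intranet.example.internal"}
# Heuristic: parents that rarely start a browser for an interactive user.
SCRIPT_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}
# Captures the --app= URL; installed web apps use --app-id=, which is not matched.
APP_FLAG = re.compile(r'(?:^|[\s"])--app="?([^\s"]+)', re.IGNORECASE)

def basename(path):
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def check_event(event):
    """Return a finding for a suspicious app-mode launch, else None."""
    if basename(event["image"]) not in BROWSERS:
        return None
    match = APP_FLAG.search(event["command_line"])
    if not match:
        return None
    url = urlsplit(match.group(1))
    host = (url.hostname or "").lower()
    if url.scheme == "https" and host in ALLOWED_APP_HOSTS:
        return None
    reasons = ["target not allowlisted" if url.scheme == "https"
               else f"non-https scheme '{url.scheme}'"]
    parent = basename(event["parent_image"])
    if parent in SCRIPT_PARENTS:
        reasons.append(f"script-host parent {parent}")
    return {"host": host, "url": match.group(1), "reasons": reasons}

def scan(events):
    return [f for f in map(check_event, events) if f]

# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"chrome.exe --app=https://login.phish.example/"},
    {"image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "msedge.exe --profile-directory=Default --app-id=abcdefgh"},
    {"image": "/usr/bin/chromium", "parent_image": "/usr/bin/bash",
     "command_line": "chromium --app=https://intranet.example.internal/wiki"},
    {"image": "/usr/bin/chromium", "parent_image": "/usr/bin/bash",
     "command_line": "chromium --app=http://intranet.example.internal/wiki"},
]
```

Calling `scan(SAMPLE_EVENTS)` returns two findings: the launch to the non-allowlisted host and the plain-HTTP launch to an otherwise allowlisted one.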


    First Published Date: 07 Oct, 19:47 IST