A cybersecurity researcher has developed a new phishing technique that can bypass multifactor authentication and steal login cookies through Microsoft Corp.’s Edge WebView2.
Mrd0x also explains that WebView2 can be used to steal all available cookies for the current user in Google LLC’s Chrome. WebView2 allows an attacker to launch with an existing user date folder rather than creating a new one. The UDF contains all passwords, sessions and bookmarks relating to the user.
The methodology could be easily used to steal and import cookies using a simple Chrome extension such as “EditThisCookie,” Bleeping Computer reported Sunday. However, the more concerning aspect is that the attack methodology completely bypasses MFA, onetime passwords and security keys, since the cookies are stolen after the user is already logged in.
“This attack demonstrates that while useful, MFA is not a silver bullet against phishing attacks,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Other precautions must be taken to secure accounts and protect organizations against attack.”
Kron explained that the attack relies on a human to take a dangerous action — executing a program downloaded from the internet — to begin its work. That makes it much less of a threat for the average user than one that requires a more easily disguised method. This particularly exposes people who download pirated software or game cheats.
“To protect against attacks such as this, having a policy against downloading or running unapproved software or browser add-ins, and educating users on the dangers of running this type of software, can have a significant reduction in risk for the organization,” Kron added.
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.