Hackers Tricks You With Advanced Phishing Attack using Fake Address Bar on Chrome for Android

Date
Jun 04, 2019
Posted by
admin
Categories
Cyber Security

 

Image result for google chrome keyboard shortcuts

Another type of an advanced phishing attack on Android Chrome let hackers conceal the Orignal address bar’ screen space by showing its own fake URL bar when the user scrolls down the web page.

Security researcher James fisher showed this phishing assault by hosting his own domain (jameshfisher.com), and he abuses the defect in chrome browser for mobile.

The fake address bar that related with the phishing site page presented with genuine site URL by capture the original chrome bar.

Regularly, when we scroll down the website page, browser conceals the URL bar and the site page will cover on it on the grounds that the page got to by means of “trustworthy browser UI”.

Here, the phishing site abusing this procedure by showing its own fake URL bar that acted like an authentic bar and trap clients to give away their own data.

This assault is far and away more terrible, generally when users scrolls up the site page they will again achieve the original URL bar, however for this situation, attackers can trap users to never return the original URL bar.

Scientist call it as “scroll jail”, a trap let move whole page content into it, when users scrolls up the page using another component overflow scroll.

According to James Fisher, the user thinks they’re scrolling up in the page, but in fact they’re only scrolling up in the scroll jail! Like a dream in Inception, the user believes they’re in their own browser, but they’re actually in a browser within their browser.

Behalf of demonstration, Fisher utilizing HSBC domain (www.hsbc.com) as a fake URL bar and, by using a similar way attackers could use any genuine site to intercept the URL bar and trap to steal the data.

“Is this a serious security flaw? Well, even I, as the creator of the inception bar, found myself accidentally using it! So I can imagine this technique fooling users who are less aware of it, and who are less technically literate. The only time the user has the opportunity to verify the true URL is on page load, before scrolling the page. After that, there’s not much escape.” Fisher said. He also believes that it might be a security flaw in Chrome browser.

Previous Post
«
Next Post
»

RELATED POSTS

What is ISO 27001 implementation consulting?
What is ISO 22301? How it works
Why it is essential to secure an ERP’s financial data
Search
Categories
Recent Blogs
CORPORATE OFFICE
Level 2, Augusta Point, Parsvnath Exotica, Sector 53,Golf Course, Gurgaon-122002.
REGISTERED OFFICE
Plot No. 144, 3rd Floor, Pocket-11, Sector – 24, Rohini, Delhi
CANADA
205, West 18th Street, Hamilton,Ontario, Canada.
PIN : L9C468 Ph no. 1-902-989-4313
UNITED STATES
13731 Monarch Vista Dr Germantown MD 20874
MIDDLE EAST OFFICE
Suit #1401, Boulevard Plaza Tower 1, Downtown, Dubai
toll free
1800 212 676767
USA +1 (240) 720-2889
email us
info@gisconsulting.in
webbullindia.com
whatsapp