What is it?
Proof of concept phishing attack with a fake browser window created with HTML/CSS/Javascript. Only really works visually if you're using Chrome on OSX.
Demo
- Launch the fake browser window by clicking here
- Navigate to gmail.com
- Notice the fake nature of the page you arrive at
How does it work?
The fake browser window is created with simple HTML and CSS, with some Javascript to intercept the 'gmail.com' domain and a fake page instead. All other pages are served in an iFrame. A determined attacker could sniff for browser and OS and create a multitude of these, with much more of the browser functionality duplicated.
Hat tips: Net-Security and BadBlue News.
No comments:
Post a Comment