A new browser-based phishing attack, called Fullscreen Browser-in-the-Middle (BitM), leverages fullscreen API to hide malicious sites and deceive users without exploiting vulnerabilities. This technique is especially effective on Safari, which provides no warning, making it harder for users to detect fraudulent login pages. #BitM #FullscreenAPI
Keypoints
- The BitM attack disguises fake login pages by using fullscreen mode to hide URLs.
- Safari browsers do not display any warning when entering fullscreen, increasing vulnerability.
- Traditional notifications in Chrome and Firefox are subtle and often overlooked by users.
- The attack was demonstrated using malvertising leading victims to fake login pages like Figma.
- User awareness and browser protections are essential to defend against this evolving threat.
Read More: https://www.infosecurity-magazine.com/news/browser-exploit-technique/