"Clever Phishing Method Bypasses MFA Using Microsoft WebView2 Apps"

A new phishing method uses Microsoft Edge WebView2 applications to steal authentication cookies from victims, enabling threat actors to log in to stolen accounts and bypass multi-factor authentication (MFA). Stolen login credentials are widely available due to a large number of data breaches, Remote Access Trojan (RAT) attacks, and phishing campaigns. However, the growing use of MFA is making these stolen credentials more difficult to use unless the threat actor also has access to the target's one-time MFA passcodes or security keys. Threat actors and researchers have developed new strategies for getting around MFA, including reverse proxies, zero-day vulnerabilities in websites, the Browser in the Browser attack, and the use of Virtual Network Computing (VNC) to show remote browsers locally. A new phishing technique developed by a cybersecurity researcher makes use of Microsoft Edge WebView2 applications to quickly and easily steal a user's authentication cookies and log in to compromised accounts, even if they are protected by MFA. This new social engineering attack, called WebView2-Cookie-Stealer, involves a WebView2 executable that, when launched, opens a legitimate website's login form inside the application. This article continues to discuss findings regarding the new WebView2-Cookie-Stealer social engineering attack.

Bleeping Computer reports "Clever Phishing Method Bypasses MFA Using Microsoft WebView2 Apps"

Submitted by Anonymous on