Hackers Now Tricking Users with Fake Address Bars on Chrome

Hackers Now Tricking Users with Fake Address Bars on Chrome
Hackers now take the aid of another and a rather
refined phishing attack on Android Chrome only so to shroud the original
address bar’s screen space by showing its very own fake URL bar when the user
scrolls down the site’s page.
The fake address bar that relates with the phishing website
page posed with real webpage URL by intercepting the original chrome bar.
Typically, when users scroll down the site’s page, the browser shrouds the URL
bar and the page covers overlaps on it in light of the fact that the page is
accessible to by means of a “trustworthy browser UI”.
Here, the phishing site manhandles this procedure by
displaying its very own fake URL bar that acted like an authentic one and
trapped users to give away their own personal information.
Security researcher James Fisher exhibited this
phishing attack by facilitating his own domain (jameshfisher.com), as he
exploited the blemish in chrome browser for mobile.
Fisher used the HSBC domain (www.hsbc.com) as a fake
URL bar to proceed with the said demonstration 
and by utilizing a similar way the attackers resort to when they utilize
any legitimate site, intercept the URL bar and steal the information.
Specialist call it as “scroll jail”, when
this attack gets even worse for wear, for the most part when the users look up
the site page however again reach the first URL bar, here the attackers trap
the users to never return on the original URL bar.
According to Fisher, the attack resembles in a dream
in inception, the user believes that they’re in their own browser, yet they’re
actually in a browser inside their browser.
this a serious security flaw? Well, even I, as the creator of the inception
bar, found myself accidentally using it! So I can imagine this technique
fooling users who are less aware of it, and who are less technically literate.
The only time the user has the opportunity to verify the true URL is on page load,
before scrolling the page. After that, there’s not much escape”, says Fisher,
who is also of the believe that it might be a security flaw in Chrome browser
causing the commotion.

Share this with Your friends:

Leave a Reply

Your email address will not be published. Required fields are marked *