A security researcher has just proved that it is possible to easily and perfectly imitate connection windows to online services. A simple technique, but difficult to detect, which should wreak havoc…
You will now have to be very careful when you connect to an account associated with an online service. As revealed Bleeping Computer, a security researcher dubbed mr.d0x has just shown that it is extremely easy to create fake login popups to steal user IDs and passwords. And to prove his statements, this expert even published on Github out-of-the-box templates to generate lifelike imitations for Chrome (Windows and macOS) that budding hackers can use to hack into Google, Microsoft, Facebook, Apple and other accounts. Enough to make millions of victims, because usurpation is particularly difficult to detect, even by informed and careful users…
The method implemented by the famous mr.d0x does not require very advanced technical knowledge. Based on HTML and JavaScript languages and CSS style sheets – very common tools – it makes it very easy to create connection windows identical to those displayed in a Web browser, when you want to connect to a service. online via a Google, Facebook or other account – a very common proposition on the web. As can be seen from the illustration he published in his article (see below), the imitation is almost perfect. Including in the details: text, fields, buttons, colors, everything is faithful to the original. No reason to be suspicious a priori.
But the worst thing is that the usual clues to detect deception in phishing attempts are also disguised. Thus, with JavaScript, the URL that appears stealthily when hovering the mouse over a button or a link can perfectly well be replaced by a legitimate address in the form of text while in fact pointing to a dangerous page, on the hacker’s server. Ditto for the small padlock located in front of the main URL in the browser, which in principle indicates that the connection is secure, but which is replaced by a simple image… The illusion is perfect, as we can see in the small animation that mr.d0x posted as an example.
The researcher’s demonstration is frightening. Especially since it provides ready-to-use phishing kits! And the only way to detect the trap is to carefully monitor the address of the website you land on before the forged login pop-up window appears. Doubtful address which should alert, because, for the time being, it can only correspond to the pirate’s server. Suffice to say that this kind of detail can go completely unnoticed, especially when you are in a hurry. And that this method, as simple as it is effective, risks causing many victims in the near future if no one finds the solution…