Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials.
The BitB phishing technique was developed by security researcher mr.d0x in 2022. Cybercriminals later adopted it in attacks targeting various online services, including Facebook and Steam.
Trellix researchers monitoring malicious activity say that threat actors steal Facebook accounts to spread scams, harvest personal data, or commit identity fraud. With more than three billion active users, the social network is still a prime target for fraudsters.
In a BitB attack, users who visit attacker-controlled webpages are presented with a fake browser pop-up containing a login form.
The pop-up is implemented using an iframe that imitates the authentication interface of legitimate platforms and can be customized with a window title and URL that make the deception more difficult to detect.
According to Trellix, recent phishing campaigns targeting Facebook users impersonate law firms claiming copyright infringement, threatening imminent account suspension, or Meta security notifications about unauthorized logins.
Sample of an email used in the phishing attacks
Source: Trellix
To avoid detection and to increase the sense of legitimacy, cybercriminals added shortened URLs and fake Meta CAPTCHA pages.
In the final stage of the attack, victims are prompted to log in by entering their Facebook credentials in a fake pop-up window.
... continue reading