Researcher found the inception bar, a new phishing method on Chrome for mobile

by ·

A new phishing technology called “Inception Bar” has appeared and is proven to work on Chrome for mobile. This method allows hackers to block real URLs on Chrome for mobile and display fake URLs with a padlock icon to trick users into believing that the page they are scrolling is legitimate and secure. Worse, fake URLs can also be displayed as dynamic bars with interactive content.

Developer Jim Fisher inadvertently discovered this method and experimented on his personal blog to show how it works. In Chrome for mobile, when the user swipes down the page, the browser hides the URL bar and makes more room for the page. Because of this, phishing sites are able to display their own fake URL columns.

Typically, when the user scrolls up, Chrome redisplays the URL bar. But hackers can trick Chrome into making the real URL bar never redisplay.

Once Chrome hides the URL bar, we move the entire page content into a “scroll jail” – that is, a new element with overflow:scroll. Then the user thinks they’re scrolling up in the page, but in fact they’re only scrolling up in the scroll jail! Like a dream in Inception, the user believes they’re in their own browser, but they’re actually in a browser within their browser.”

Although hackers can use the static image of the URL bar to mask the real URL, they can even create an interactive URL bar that makes it look more trustworthy.

So far, there have been no reports of malicious use of this method to cause damage. We can take some measures to protect ourselves from the “Inception Bar” attack:

  • While browsing a webpage on Chrome for mobile, lock the screen and then unlock it. Doing so will automatically show the real URL bar that was hidden while scrolling through a webpage. In case the inception bar trickery is at work, users will see two URL bars simultaneously – the real one at the top and the doctored one below it.
  • Inception bars often display an incorrect number of tabs, so if you keep a check on the number of webpages you have opened in different tabs, the anomaly can be spotted.
  • Chrome’s dark mode renders all UI elements black. So, if a hacker has superimposed a fake URL bar, it will appear white or in a different colour. This can also be tested by switching back to the normal mode in order to identify a fake URL bar if the image was created against a dark background. You can also enable the Reader mode or change background themes to spot any suspicious UI element.

Source: gadgets | Via: James Fischer

Tags: