Clever phishing method bypasses MFA using Microsoft WebView2 apps


A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.

With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant.

However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target’s one-time MFA passcodes or security keys.

Read more…
Source: Bleeping Computer