Phishing Attack Affects Browser


A Chinese security researcher has revealed a scary phishing attack that is almost impossible to detect in web browsers like Chrome, Firefox, and Opera. The attack uses Unicode characters in domain names that look exactly like common ASCII characters. For example, “xn--pple-43d.com” is equivalent to “аpple.com”.

Punycode is a way of representing Unicode using the limited subset of ASCII characters that is allowed in internet host names. It makes it possible to register domain names with foreign characters. For example, the domain name “xn--s7y.co” is the same as “短.co”. Using this encoding, a security researcher has shown a proof-of-concept of a scary attack.

The concept of the attack is very old, but it has recently been applied to the current versions of browsers like Google Chrome, Mozilla Firefox, and Opera. These browsers display Unicode characters in domain names as normal characters, which makes it impossible to tell the spoofed domains apart from the real ones.

Because of this flaw in how domains are displayed, it is possible to register domains like “xn--pple-43d.com”, which is the same as “аpple.com,” the Chinese security researcher Xudong Zheng writes.

In the picture, ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) instead of the ASCII ‘a’ (U+0041). This is also called a homograph attack.

So, are our web browsers totally defenseless against such attacks? Most browsers have some protection enabled, such as online virus security, but they don’t detect each and every variant of such attacks. For example, if the attacker only replaces ASCII characters with characters from a single foreign language, the protection fails.
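A defender can check hostnames taken from mail, proxy logs, or links for this pattern. The Python sketch below is an added example, not code from the researcher or from any browser: it decodes `xn--` labels and classifies each non-ASCII label as mixed-script, whole-script look-alike (the single-language replacement case described above), or ordinary IDN. The `LOOKALIKES` table and the `.example` host are constructed for illustration, and guessing a script from the Unicode character name is an approximation.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
# Assumption: a production check would load Unicode's full confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
}

def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- labels are Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_host(hostname):
    """Return (label, displayed, skeleton, verdict) for every non-ASCII label."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        try:
            shown = decode_label(label)
        except UnicodeError:
            findings.append((label, None, None, "invalid-punycode"))
            continue
        if shown.isascii():
            continue
        # Skeleton: what the label reads as once look-alikes are mapped to ASCII.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
        if len(scripts(shown)) > 1:
            verdict = "mixed-script"            # several scripts in one label
        elif skeleton.isascii():
            verdict = "whole-script-lookalike"  # one script, reads as ASCII
        else:
            verdict = "idn"                     # no ASCII imitation found
        findings.append((label, shown, skeleton, verdict))
    return findings

if __name__ == "__main__":
    # Constructed sample: an all-Cyrillic label that reads like Latin "cope".
    cyr = "\u0441\u043e\u0440\u0435".encode("punycode").decode("ascii")
    for host in ("xn--pple-43d.com", "xn--s7y.co", "xn--" + cyr + ".example", "apple.com"):
        print(host, inspect_host(host))
```

The skeleton column is the useful output for triage: comparing it against a list of the brands or internal host names you care about tells you which real name a flagged label imitates.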

Fortunately, this attack vector doesn’t affect the Internet Explorer, Microsoft Edge, and Safari web browsers.

This bug was reported to Firefox and Chrome on January 20. While the fix has landed in the Chrome Canary browser, the issue remains unaddressed in Firefox.

Zheng recommends using a password manager to protect your browser. He also advises that users pay very close attention to a site’s URL when entering personal information.
