New address bar spoofing attacks target popular mobile browsers, including Yandex Browser, UCWeb, RITS Browser, and Bolt Browser. On Tuesday, Oct. 22, cybersecurity experts provided the details about the new vulnerability that currently affects multiple mobile browsers, such as Opera Touch and Apple Safari.
The address bar spoofing vulnerability allows hackers and other cybercriminals to deliver malware and conduct spear-phishing attacks, as reported by The Hacker News. Rafay Baloch, a Pakistani security researcher, was the first to discover the flaws in 2020.
Together with a cybersecurity firm called Rapid7, Baloch announced the newly discovered vulnerability in August. The confirmation came before the browser makers addressed the issue over the past few weeks.
Because of the announcement, Opera Mini said that a fix is expected on Nov. 11, 2020. Meanwhile, other browsers, such as Bolt Browser, and UCWeb still hasn’t received any patch yet.
Also Read: Telegram Deepfake Bot Strips Off Photos of Over 100,000 Women-Here’s How Adobe Plans to Fight It!
“The vulnerability occurs due to Safari preserving address bar of the URL when requested over an arbitrary port, the set interval function reloads bing.com:8080 every 2 milliseconds and hence user is unable to recognize the redirection from the original URL to spoofed URL,” said Rafay Baloch in his technical analysis.
According to Rafay Baloch’s blog post, Zscaler’s report found an increase of 85% in phishing attacks in April. The cyberattacks focus on registering domains featuring COVID-19 keywords such as vaccine, Wuhan, and other terms related to coronavirus, for stealing sensitive credentials from unsuspecting users.
They also disseminate malware, such as ransomware, for conducting financial frauds. Microsoft also highlighted the advanced cyber attacks, categorizing email phishing as the most dominant attack vector.
For more news updates about other security threats, always keep your tabs open here at TechTimes.
By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions
Address bar, Vulnerability, Safari, Mobile browser, Opera, Web browser, Computer security, Apple
World news – THAT – BEWARE: Popular Mobile Browsers Are Vulnerable to New Address Bar Spoofing Attacks