Phishing via simulated browser interface in a pop-up window

Information has been published about a phishing method that creates the illusion of a legitimate authentication form by recreating the browser interface in an area drawn over the current window using an iframe. Where earlier attackers tried to deceive the user by registering look-alike domains or manipulating URL parameters, the proposed method uses HTML and CSS to draw elements that replicate the browser interface at the top of the pop-up window, including a title bar with window control buttons and an address bar showing an address that does not match the actual origin of the content.


Given that many sites authenticate through third-party services that support the OAuth protocol, and that these forms are displayed in a separate window, a fabricated browser interface can mislead even an experienced and attentive user. The proposed method can be used, for example, on compromised or untrustworthy sites to harvest user passwords.

The researcher who drew attention to the problem published a ready-made set of templates that simulate the Chrome interface in dark and light themes for macOS and Windows. The pop-up window is formed using an iframe displayed over the page content. To add realism, JavaScript handlers are attached that allow the simulated window to be dragged and its window control buttons to be clicked.
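The following is an added defender-side example, not code from the article or the researcher's templates. It shows the one structural property a simulated window cannot fake: a genuine OAuth pop-up is its own top-level browsing context opened with window.open(), so inside it window.top === window.self and window.opener is set, whereas anything drawn "as a window" inside an iframe sees window.top !== window.self. An identity provider's login page can refuse to render when framed (and back that with a Content-Security-Policy of frame-ancestors 'none'), which blocks the variant where the real form is embedded inside fake chrome. The window stand-ins below are constructed for Node, which has no DOM; the function names are the example's own.

```javascript
// Added example (not from the article): checks a login page can run to tell a
// genuine top-level pop-up from content rendered inside an iframe.

// Classify the browsing context described by a window-like object.
// Returns "framed" (inside an iframe), "popup" (top-level, has an opener)
// or "tab" (top-level, no opener).
function classifyBrowsingContext(win) {
  if (win.top !== win.self) return "framed";
  return win.opener ? "popup" : "tab";
}

// A login form that is only ever meant to be served as a top-level document
// can decline to render when framed. This is the client-side mirror of the
// CSP header returned below; the header is the authoritative control.
function shouldRenderLoginForm(win) {
  return classifyBrowsingContext(win) !== "framed";
}

// Server-side counterpart: a Content-Security-Policy value that forbids any
// site from embedding the login page in an iframe.
function frameAncestorsPolicy() {
  return "frame-ancestors 'none'";
}

// Constructed stand-ins for window objects (Node has no DOM).
// framed=true gives the object a distinct top context, as an iframe would see.
function makeWindow({ framed = false, opener = null } = {}) {
  const w = { opener };
  w.self = w;
  w.top = framed ? {} : w;
  return w;
}

// Constructed sample contexts: a real pop-up, an iframe imitation, a plain tab.
const genuinePopup = makeWindow({ opener: {} });
const iframeImitation = makeWindow({ framed: true });
const plainTab = makeWindow();

for (const [name, w] of [
  ["genuine pop-up", genuinePopup],
  ["iframe imitation", iframeImitation],
  ["plain tab", plainTab],
]) {
  console.log(`${name}: ${classifyBrowsingContext(w)} -> render form: ${shouldRenderLoginForm(w)}`);
}
```

The limit of this check is that it only protects the real provider page from being framed; it cannot stop an attacker from drawing a wholly fake form inside the fake chrome. For the user, the reliable test is that a genuine pop-up is a separate OS window and can be dragged outside the browser's viewport, while an iframe drawn with HTML and CSS stays clipped to the page that contains it.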

Source: opennet.ru