An buga bayanai game da hanyar phishing wanda ke ba mai amfani damar ƙirƙirar ruɗi na aiki tare da halaltacciyar hanyar tantancewa ta hanyar sake ƙirƙirar hanyar bincike a cikin wani yanki da aka nuna a saman taga na yanzu ta amfani da iframe. Idan maharan farko sun yi ƙoƙari su yaudari mai amfani ta hanyar yin rajistar yanki masu irin wannan rubutun ko sarrafa sigogi a cikin URL, sannan ta amfani da hanyar da aka tsara ta amfani da HTML da CSS, ana zana abubuwa a saman taga mai bayyana wanda ke maimaita hanyar bincike, gami da a header with window control buttons and address bar , wanda ya hada da adireshin da ba ainihin adireshin abun ciki ba.
La'akari da cewa shafuka da yawa suna amfani da fom ɗin tantancewa ta hanyar sabis na ɓangare na uku waɗanda ke goyan bayan ka'idar OAuth, kuma ana nuna waɗannan nau'ikan a cikin wata taga daban, samar da ƙayataccen mashigin bincike na iya yaudarar ko da gogaggen mai amfani da hankali. Hanyar da aka tsara, alal misali, ana iya amfani da ita akan wuraren da aka yi kutse ko waɗanda basu cancanta ba don tattara bayanan kalmar sirrin mai amfani.
Wani mai bincike wanda ya ja hankali kan matsalar ya wallafa wani shiri na shimfidu wanda ke yin kwatancen ƙirar Chrome a cikin duhu da haske jigogi don macOS da Windows. Ana buɗe taga mai buɗewa ta amfani da iframe da aka nuna akan abun ciki. Don ƙara haƙiƙa, ana amfani da JavaScript don ɗaure masu sarrafa abin da ke ba ku damar matsar da taga mai ɓarna kuma danna maɓallin sarrafa taga.
source: budenet.ru