Chrome, Opera and Firefox vulnerable to undetectable phishing attack

A new flaw threatens the cybersecurity of Chrome, Opera and Firefox. The phishing attack manages to disguise itself and is difficult to block

Do you usually use one of Chrome, Firefox or Opera as your web browser? Watch out, because a new threat is hovering over these services. They are three of the most popular and most used browsers, often considered as very secure as well. Yet a new phishing attack puts users at risk.

Hackers have generated a new phishing-style attack within Chrome, Firefox and Opera that is very difficult to predict and avoid. It creates fake sites, very similar to the originals, where the user if they enter can lose their credentials and data. Among the imitated sites we find those of Apple, eBay and even Google itself. The new threat was discovered by Chinese cybersecurity researcher Xudong Zheng. It is a variant of a cyber criminal attack already reported in 2001 by two Israeli researchers, Evgeniy Gabrilovich and Alex Gontmakher, and now back in fashion.

How the phishing attack works

Before explaining how the hacker attack works it is necessary to make a clarification. In the past years cyber criminals used different graphic characters to create fake sites with an identical domain to the original one. For example, the domain xn-pple-43d.com would be the equivalent of apple.com  but written with a Cyrillic "A" at the beginning. Web browser vendors have been working on this for years, introducing URL filters such as Punycode, instead of Unicode, which generated strong misunderstandings based on the different characters of the various languages.

The flaw

In a post on his blog, however, Zheng showed that this technique is not enough to keep cyber criminals away. Thanks to several vulnerabilities in the URL transcription based on the various codes used, such as Chinese or Cyrillic characters, it is still possible to create fake sites with domains absolutely identical to the original. To demonstrate this Zheng created the domain xn-80ak6aa92e.com which in Cyrillic means аррlе.com (in Cyrillic characters). A technique that would fool anyone, even experienced users.

Secure Web Browsers

Not every browser out there has this flaw. Only Chrome, Firefox and Opera, Because of the filters they use for URLs. Edge, Internet Explorer and Safari, to name a few, are immune to this attack. Zheng stated that he has been alerting Google for some time and the Mountain View company announced that by the end of April at the latest, it will fix the problem completely. Mozilla is thinking about improvements that will take a bit more time, but in the meantime they can manually disable the Punycode filter to block the phishing attack.