Clever phishing method bypasses MFA using Microsoft WebView2 apps
Lawrence Abrams reports:
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
[…]This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user’s authentication cookies and log into stolen accounts, even if they are secured with MFA.
Read more at BleepingComputer.