

Ethical Hacking News

Browser-in-the-Browser (BitB) Phishing Technique: A Growing Threat to Facebook Users




Facebook login thieves now use the browser-in-the-browser trick to lure users into handing over their account credentials. To protect yourself, always navigate to official URLs in separate tabs and turn on two-factor authentication protection features.

  • Facebook has become a target for hackers using the browser-in-the-browser (BitB) phishing technique.
  • The BitB technique involves creating a fake login pop-up window within the victim's browser, tricking users into providing account credentials.
  • First developed in 2022, the technique gained popularity after its adoption by various online services.
  • Hackers use BitB to steal Facebook accounts, spread scams, harvest personal data, or commit identity fraud.
  • To protect against BitB phishing attacks, users should navigate to official URLs in separate tabs and check if login pop-ups can move outside the browser window.
  • Turning on two-factor authentication protection features adds an extra layer of security against account takeover attempts.



    Facebook has become a prime target for hackers and cybercriminals, who have increasingly resorted to the browser-in-the-browser (BitB) phishing technique to trick users into providing their account credentials. This method, which involves creating a fake login pop-up window within the victim's browser, has been adopted by threat actors in recent months, with Facebook being one of the latest targets.

    The BitB technique was first developed by security researcher mr.d0x in 2022, and it gained popularity among cybercriminals after its adoption by various online services. According to Trellix researchers monitoring malicious activity, hackers have been using this technique to steal Facebook accounts, spread scams, harvest personal data, or commit identity fraud.

    In a BitB attack, users who visit attacker-controlled webpages are presented with a fake browser pop-up containing a login form. The pop-up is implemented using an iframe that imitates the authentication interface of legitimate platforms and can be customized with a window title and URL that make the deception more difficult to detect. Trellix researchers have discovered a high number of phishing pages hosted on legitimate cloud platforms like Netlify and Vercel, which mimic Meta's Privacy Center portal.

    These campaigns constitute a significant evolution compared to standard Facebook phishing campaigns that security researchers typically observe. "The key shift lies in the abuse of trusted infrastructure, utilizing legitimate cloud hosting services like Netlify and Vercel, and URL shorteners to bypass traditional security filters and lend a false sense of security to phishing pages," reads the Trellix report.

    The emergence of the Browser-in-the-Browser (BitB) technique represents a major escalation in credential theft. By creating a custom-built, fake login pop-up window within the victim's browser, this method capitalizes on user familiarity with authentication flows, making it nearly impossible to detect visually.

    To protect against BitB phishing attacks, security experts recommend that users always navigate to official URLs in separate tabs instead of following embedded links or buttons in emails. When prompted to enter credentials in a login pop-up, they should check whether the pop-up can be dragged outside the browser window. Iframes, which are essential for the BitB trick, are bound to the underlying browser window and cannot be pulled outside it.
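    As an added illustration (not code from the article, Trellix or mr.d0x), the following Python heuristic flags the markup pattern described above from the defender's side: an iframe on a page whose visible text displays a URL for a host that the page neither is nor actually loads. The scanner class, the sample HTML and the `.invalid` page URL are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical BitB heuristic (added example, not from the article): a BitB
# pop-up is an <iframe> dressed up with a fake title bar and a fake address
# bar. That address bar is ordinary page text, so a URL shown in visible text
# for a host the page neither is nor loads in any iframe is a strong signal.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+")

class _Collector(HTMLParser):
    """Collects iframe src values and URL-looking strings in visible text."""
    def __init__(self):
        super().__init__()
        self.iframe_srcs = []
        self.shown_urls = []
        self._hidden = 0  # depth inside <script>/<style>; that text is not shown
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframe_srcs.append(dict(attrs).get("src") or "")
        elif tag in ("script", "style"):
            self._hidden += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
    def handle_data(self, data):
        if not self._hidden:
            self.shown_urls.extend(URL_RE.findall(data))

def _host(url):
    return (urlparse(url).hostname or "").lower()

def find_fake_address_bars(html, page_url):
    """Sorted hosts shown as URLs in page text that are neither the page's
    own host nor any host an iframe really loads; [] means nothing found."""
    c = _Collector()
    c.feed(html)
    if not c.iframe_srcs:  # no iframe, so nothing to dress up as a pop-up
        return []
    real_hosts = {_host(page_url)} | {_host(urljoin(page_url, s)) for s in c.iframe_srcs}
    return sorted({_host(u) for u in c.shown_urls} - real_hosts - {""})

# Constructed sample: a fake window whose address-bar text claims facebook.com
# while the iframe actually loads a same-origin form.
SAMPLE_HTML = """<div class="fake-window"><div class="titlebar">Log in to Facebook</div>
<div class="urlbar">https://www.facebook.com/login.php</div>
<iframe src="/login-form.html"></iframe></div>
<script>var cdn = "https://static.example.invalid";</script>"""
PAGE_URL = "https://constructed-example.invalid/privacy-center"  # constructed
```

    A legitimate embed (for example a video iframe whose visible link text names the same host the iframe loads) does not trip the check, while a link to another site on a page with no iframe is also ignored.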

    Another recommended best practice is to turn on two-factor authentication protection features. Although not infallible, this adds an extra layer of security against account takeover attempts even if credentials have been compromised.




    Related Information:
  • https://www.ethicalhackingnews.com/articles/Browser-in-the-Browser-BitB-Phishing-Technique-A-Growing-Threat-to-Facebook-Users-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/facebook-login-thieves-now-using-browser-in-browser-trick/

  • https://cybersecuritynews.com/new-phishing-attack-mimics-facebook-login-page/


  • Published: Mon Jan 12 15:13:32 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.
