Skip to main content
  1. Home
  2. Computing
  3. News

New phishing method looks just like the real thing, but it steals your passwords

Add as a preferred source on Google

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that’s available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Two Microsoft sign in prompts -- one fake, one real, side by side.
mr.d0x

In Google Chrome, Application Mode lets web devs create apps that resemble native applications. A few things happen when you launch Application Mode. For starters, the toolbars and the address bar both disappear. The website is launched in a separate window, and on your taskbar, you’ll see the website’s favicon (the icon you normally see next to the website’s name in your browser tab) instead of the Chrome logo.

Recommended Videos

With all of these things out of the equation, it’s fairly easy to create a clone of a familiar login form and try to trick users into typing their login credentials. Many users are less wary of desktop apps than websites, because once installed, they are assumed to be safe; on the other hand, there’s always some degree of hesitation when visiting a strange website. Removing the URL largely deals with the easiest way to spot a scam from the real thing.

This hack could potentially be very dangerous simply because of how easy it might be to get fooled by it. On the other hand, actually pulling it off requires the victim to have Chromium app mode enabled and launched locally on their device. This means that the hacker would first have to gain some sort of control over the computer before following up with this phishing method, be it through malware or through guiding the user to enable it and run a Windows shortcut with the phishing URL.

Windows 10 and 11 both come with Microsoft Edge pre-installed. This makes it easier to distribute Windows shortcut files that launch Microsoft Edge, and from there, it’s smooth sailing for the hacker if the victim falls for the fake form.

Google Chrome opened on a laptop.
Caio/Pexels

This phishing method was first described by mr.d0x and later reported on by Bleeping Computer. While it could be dangerous if users were to fall for it, the prerequisite of first obtaining some sort of access to the victim’s computer should largely keep you safe.

As always, remember not to visit websites that you don’t fully trust, load up some trustworthy antivirus software for good measure, and do not enable Application Mode in your browser unless you have a very good reason to do so.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
You’ll be able to use Claude Fable 5 again starting July 1
Anthropic has received a green light from the US government to restore the AI Model, weeks after a security researcher found a way around its safeguards that triggered the shutdown.
Laptop running Claude Fable

Anthropic is restoring full access to Claude Fable 5 starting tomorrow, weeks after a US government directive forced the company to suspend the model for all users. The government order arrived on June 12 and required Anthropic to block foreign nationals from using Fable 5 and its more capable Mythos 5 model. Since the rule took effect immediately and Anthropic had no way to verify a user's nationality in real time, the company suspended both models entirely rather than risk a violation.

What triggered the shutdown

Read more
Claude’s Sonnet 5 is built to do more on its own and cost you less
Better than its predecessor, nearly as good as the flagship, and meaningfully cheaper than both.
Art, Floral Design, Graphics

Every major AI lab is racing to prove its models can work autonomously with minimal hand-holding; we’re now seeing pricing emerge as the next battleground. 

Anthropic just fired its latest shot, Claude Sonnet 5, a model the company says performs nearly as well as its flagship Opus 4.8 at a fraction of the cost.

Read more
Apple Creator Studio adds AI tools across Final Cut Pro, Logic Pro and Pixelmator Pro
Final Cut Pro gets AI captions, Auto Mask and better Pixelmator Pro workflows in Creator Studio update
Computer Hardware, Electronics, Hardware

Apple has introduced a major update to Apple Creator Studio, adding new AI features, deeper Pixelmator Pro integration, and workflow upgrades across Final Cut Pro, Logic Pro, Keynote, Pages, Numbers, Motion, Compressor, Freeform, and Final Cut Camera.

The update makes Creator Studio more useful across Mac, iPad, and iPhone, especially for people who move between video editing, image editing, presentations, documents, spreadsheets, and music production.

Read more