Phishing Technique Bypasses MFA With Microsoft Edge WebView2 Applications

June 27, 2022

Cybersecurity researcher mr.dox has developed a new phishing method that uses Microsoft Edge WebView2 applications to steal a user’s authentication cookies and log into stolen accounts, even if they are secured with MFA.

The new phishing technique, known as the WebView2-Cookie-Stealer consist of a WebView2 executable that opens the login of a legitimate website from inside the application.

Microsoft Edge WebView2 allows developers to embed a web browser directly into their native apps with Microsoft Edge. Microsoft Edge WebView2 allows apps to load any web page into a native application and make it look as if they have opened those applications in Microsoft Edge.

The new phishing POC opens the legitimate Microsoft login form using the embedded WebView2 control. It can be used to steal all cookies sent from the remote server after a user logs in, including authentication cookies.

For this purpose, the application creates a Chromium User Data folder at the first start and then uses this folder for each subsequent installation.

The attack also bypasses MFA, which are secured by OTPs or security keys. This is possible because the cookies are stolen after users have logged in and successfully solved the challenge of multifactor authentication.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 19, 2026 AI systems approved for use by healthcare providers in Ontario are producing unreliable medical notes, including hallucinated more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn