Oh internet, a place of wonder, learning and dank memes – if only you stayed that way all the time. Viruses, malware, and phishing have plundered modern internet to no end, and there’s no stopping it. I wish to live to see the day mankind can browse cat videos with no fear of malicious pop-up ads.
Why am I lamenting you ask? Well, it turns out the creeps of the internet have once again found a new way to phish for data – and it’s clever. Developer Jim Fisher shared on his personal blog of a Android exploit that utilizes the Chrome address bar to trick you into tapping on malicious links.
According to Fisher, this is done by layering a fake address bar – which looks very much like the real thing – onto the original Chrome UI. It happens when you load a website and scroll for a bit; the original address bar with the real website link is masked behind a smoke screen of fake a UI and web link.
The fake address bar looks so real that it even has the ‘lock’ icon next to the address telling you that it’s secure – how dare they. Fisher has been able to replicate the exploit and have demonstrated it in this video here.
The only way to tell if the address bar is real or not, is to lock your screen and unlock it again – for a moment, it will force Chrome to display the real address bar, and at the same time, you’ll be able to see the fake one just below it.
Google are working on a fix, but at the mean time stay safe, stay vigilant.