An interesting way to bypass multi-factor authentication (MFA) was recently announced by Bleeping Computer. This particular attack method requires a potential victim to be tricked into downloading a malicious executable (not so hard unfortunately), and the resulting rogue code then uses Microsoft Edge’s WebView2 control to essential create a rogue web page which can mimic any other web page, except with new malicious coding inserted.
originally published onhttps://blog.knowbe4.com/innovative-way-to-bypass-mfa-using-microsoft-webview2-is-familiar-nevertheless
