New Unicode Phishing attack in modern browsers

Shahmeer Amir
Apr 18, 2017

A Chinese security researcher has demonstrated a scary phishing attack that’s virtually impossible to detect in web browsers like Chrome, Firefox, and Opera. The attack uses Unicode characters in domain names that look just like common ASCII characters. For example, “xn--pple-43d.com” is equivalent to “аpple.com”. Chrome is expected to roll out a fix in its upcoming Chrome 58 release.

Unicode Phishing attack

While the whole concept of the attack is very old, it has recently resurfaced in the current versions of browsers like Google Chrome, Mozilla Firefox, and Opera. These browsers show Unicode characters in domain names as normal characters, which makes it impossible to notice the spoofed domains.
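A defender-side check for the lookalike domains described above, added here as an example and not taken from the original post: it decodes Punycode labels and flags hostnames whose letters come from more than one script. The function names are hypothetical, and taking the script from the first word of the Unicode character name is an assumed heuristic, because Python's standard library does not expose the Script property.

```python
import unicodedata

def decode_label(label):
    """Return the Unicode form of one DNS label; 'xn--' marks Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def letter_scripts(text):
    """Approximate the scripts in use from character names (assumed heuristic),
    e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def check_hostname(hostname):
    """Return (unicode_form, verdict, findings) for a hostname.

    verdict is 'suspicious' for mixed-script or undecodable labels,
    'review' for labels written wholly in a non-Latin script, else 'ok'.
    """
    decoded, findings = [], []
    for label in hostname.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            # Malformed Punycode, or non-ASCII bytes after the xn-- prefix
            decoded.append(label)
            findings.append((label, "invalid-punycode", set()))
            continue
        decoded.append(text)
        scripts = letter_scripts(text)
        if len(scripts) > 1:
            findings.append((text, "mixed-script", scripts))
        elif scripts and scripts != {"LATIN"}:
            findings.append((text, "non-latin", scripts))
    if any(kind != "non-latin" for _, kind, _ in findings):
        verdict = "suspicious"
    elif findings:
        verdict = "review"
    else:
        verdict = "ok"
    return ".".join(decoded), verdict, findings

if __name__ == "__main__":
    # Constructed all-Cyrillic label, built at runtime for the demo
    cyr = "xn--" + "\u0441\u0430\u0439\u0442".encode("punycode").decode("ascii")
    for host in ("apple.com", "xn--pple-43d.com", cyr + ".com"):
        name, verdict, findings = check_hostname(host)
        print(f"{host!r} -> {name!r} {verdict} {findings}")
```

A label written entirely in one non-Latin script is often a legitimate internationalized name, which is why it is marked for review rather than rejected; catching whole-script lookalikes needs a confusables table on top of this check.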


Shahmeer Amir is an ethical hacker, a cyber security researcher and a bug bounty hunter from Pakistan.