HKCERT Advice: Beware Malicious Windows Application Login Prompt Phishing Attacks

(Hong Kong, 5 July 2022) An overseas cyber security researcher recently discovered that the Microsoft Edge WebView2 control, which is used for the development of applications, can be abused to build a malicious application that will pop up login M365 account prompt once opened. The application will send the account login cookies to the hacker after the user has logged in. What makes this malicious application so scary is that as it is built with Windows System library, it can evade the detection of all anti-virus software. Also, the user will not see any suspicious links. Hence, if the user accidentally logged in and accepted the multi-factor authentication, the hacker will be able to steal the cookies and log in to the user account remotely.

As an information security expert, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council foresees that hackers may use this method (such as pretending to be freeware) to lure users to download, open and login the malicious application. It recommends users not to open files and links from unverified or unauthenticated sources and to pay extra attention when being requested to input login information to minimise risk.

For information security related incidents, for example, ransomware, phishing, denial of service attack, etc., please report to HKCERT through its online Incident Report Form at For other enquiries, please contact HKCERT by email: or call its 24-hour hotline: 8105 6060.

Comments are closed.