The novel BitB attack is called a browser-in-the-browser (BitB) attack. It takes advantage of third-party single sign-on (SSO) options embedded on websites that issue popup windows for authentication. The concocted popups simulate a browser window within the browser, spoofing a legitimate domain and making it possible to stage convincing phishing attacks. The attack can also flummox those who use the trick of hovering over a URL to figure out if its legitimate, the researcher said.”]
Source: https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/