He's not breaking any news here. This has been a well known and widely deployed attack for years, to the point that darknet markets impose multiple anti-phishing mitigations (as best they can, at least, e.g. signing a PGP message with the URL and then posting that PGP key on the landing page, and trying various JS tricks for reverse proxy detection to warn user they might be on the wrong site).
No comments yet.