Hackers have cet eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Optogenetics: A Virtual Reality System for Controlling Living Cells
9 Australian apps that'll help you make a positive impact on the world every day
Plane evacuates upon landing at Australia's Perth airport
Elderly couple separated after 62 years together shares happy reunion
Best LG B4 OLED TV deal: Save $200 at Best Buy
What to watch on Amazon Prime in October
Mystery cat lover leaves $8,000 in animal shelter donation box
5 times you shouldn't use a credit card
Trump who? Tech giants join massive effort to uphold Paris Agreement
5 things we know about Snapchat's new Spectacles
Super Bowl LIX livestream: Watch Eagles vs Chiefs on Tubi
Bad news, Shutterfly: Amazon is moving into photo printing
Stretch drive: 3 storylines to follow as the 2016 MLB playoffs approach
Police arrest creepy clown found lurking in Kentucky woods
Amazon Kindle Paperwhite Kids: $139.99 at Amazon
Jake Gyllenhaal, Carey Mulligan to star in Paul Dano's directorial debut 'Wildlife'
Ok, everybody take a breath: Kim Kardashian is voting for Hillary Clinton
Google's smart speaker will be cheaper than the Amazon Echo, report says
Cibao FC vs. Guadalajara 2025 livestream: Watch Concacaf Champions Cup for free
Samsung Galaxy Note 2 catches fire on a plane in India
14 dynamite gifts for the Guy Fieri fans of the worldApple finally reveals when its pricey 'cheese grater' Mac Pro will become availableOutsmart polar vortices with 15% off The North Face at The HouseDisney XD sprinkles a sameAll hail Viola Davis, queen of the postOutsmart polar vortices with 15% off The North Face at The HouseWhat the type of steak you eat says about youEveryone is having a field day with news that Trump is skipping the Correspondents' DinnerGoogle will now tell you how you've been mispronouncing words your entire lifeKamala Harris makes powerful plea for stronger gun control laws after California school shootingAirPods Pro covered in 18Report: Americans don't trust companies to admit data misuseChrissy Teigen makes sure everyone knows John Legend didn't win an Oscar (this year)Your guide to the 2017 Oscars, in highly accurate charts'The Mandalorian' episode 2 is a perfect Star Wars tone poemNetflix's 'Earthquake Bird' gets spoiled by a bad ending: Review'Star Wars Jedi: Fallen Order' review: A terrific and welcome surpriseThis seal delightedly hugging a toy version of itself is your new wallpaperGoogle, Facebook are tracking your WebMD health searchesGoogle, Facebook are tracking your WebMD health searches How to quit Instagram With the Rushes by Sadie Stein Literary Halloween The Great Columbia Book Slide of 1934 by Sadie Stein Modern Austen, and Other News by Sadie Stein Persuasion by Sadie Stein Wordle today: Here's the answer and hints for July 17 This Is the Way We Wash Our Clothes by Sadie Stein This Is Spinal Fusion by Rebecca Buckwalter Mischief Night by Sadie Stein Redditors are using John Oliver to give away their coins Neopets will finally fix its games in $4 million overhaul Facebook wants to help you get vaxxed It Was the Best of Titles, It Was the Worst of Titles by Kaya Genc Surprised by Joy by Sadie Stein O Canada by Sadie Stein How to watch the 2023 FIFA Women's World Cup online for free Apple's iPhone 15 might come in glorious pink color 'Command Z' review: Steven Soderbergh's surprise sci Jeeves, Redux, and Other News by Sadie Stein
3.0282s , 10194.9296875 kb
Copyright © 2025 Powered by 【cet eroticism】,Feast Information Network