Hackers have Watch Too Cute! Super Rare! She Was Crazy About The Cats On A Date At A Cat Cafe Onlinediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
The Portable Workstation: Dell XPS 13 + 32 UltraSharp 4K Monitor
Instagram to increase privacy and security for young people on the app
Netflix 'Transformers: War for Cybertron
Roy Kent's constant swearing in 'Ted Lasso' is an effing delight
Ms. Frizzle spotted at Science Marches across the globe
BBC journalists joke about pay gap and Carrie Gracie
Twitter permanently suspends pro
How to adopt a pet ethically
Assassin's Creed Origins: How Heavy is It on Your CPU?
Dev Patel dazzles in David Lowery's captivating 'The Green Knight'
Swole Jeff Bezos joins Instagram to tease his new ROCKET FACTORY
Olympic gymnasts tired of being objectified swap leotards for bodysuits
Time magazine's new cover takes aim at Trump's fiery first year
From old favorites to 'Old': Every M. Night Shyamalan thriller, ranked
Best LG B4 OLED TV deal: Save $200 at Best Buy
Kellyanne Conway falsely claims 'nobody here talks about Hillary'
The #BlackHogwarts hashtag on Twitter may be the best thing you'll see today
Cryptocurrency pickup lines will make your Tinder success surge to an all
Optogenetics: A Virtual Reality System for Controlling Living Cells
Protesters projected anti
You can get free Harry Potter audiobooksJaguar Land Rover puts creepy 'virtual eyes' on selfWe now know what Frank Ocean has been up to this entire timeFerrari race car sells at auction for recordYahoo and AOL will continue to scan your emails for precious advertising dataFerrari race car sells at auction for recordToday is Women's Equality Day! Here's how to celebrate.NASA imagery shows the beauty of nature's fury amidst fires and stormsDell'sAcer Predator Thronos gaming chair is totally insaneInstagram turns to Facebook's roots with universityFacebook bans Myanmar military commander for inciting violenceThe 'Sharp Objects' finale proved the dark power of generational traumaJustice Dept. closes Clinton email probe with no chargesLittle boy transforms into Drake thanks to some dope makeup skillsYahoo and AOL will continue to scan your emails for precious advertising dataEpic Games slams Google for sharing Fortnite Android app exploit infoChill contestant eating crisps during 'GBBO' challenge is utterly iconicA working AppleNickelodeon partners with VRV to offer '90s nostalgia streaming Terrance Hayes’s Soundtracks for Most Any Occasion by Terrance Hayes Ghosts, the Grateful Dead, and Earth Room by The Paris Review Find My Friends by Sophie Haigney Why Tights and No Knickers? by Sophie Haigney Diary, 2001 by Nell Zink Cooking with Cyrano de Bergerac by Valerie Stivers On Hannah Black’s Pandemic Novella, Barthelme, and Pessoa by The Paris Review New Eyes by Charlie Lee Deep Emotion, Plain Speech: Camus’s The Plague by Laura Marris September Notebook, 2018 by Daniel Poppick Acte Gratuit by Alice Blackhurst Softball Season by Sophie Haigney Past, Present, Perfect: An Overdue Pilgrimage to Stonington, Connecticut by Henri Cole In the beginning is the end by Meret Oppenheim Our Summer Issue Poets Recommend by The Paris Review Unconditional Death Is a Good Title by Bernadette Mayer If Kim Novak Were to Die: A Conversation with Patrizia Cavalli by Annalena Benini Clipboard, 2022 by Jesse Ball Why Write? by Elisa Gabbert Diary, 1995 by Melissa Febos
1.8754s , 10137.75 kb
Copyright © 2025 Powered by 【Watch Too Cute! Super Rare! She Was Crazy About The Cats On A Date At A Cat Cafe Online】,Inspiration Information Network