Hackers have antique eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
9 Tech Products That Were Too Early to Market
'Cancelled' is cancelled now. We're giving people the digitine.
Diamond League Athletics Eugene 2024 livestream: Watch live athletics for free
Sony headphone deal: Get the ULT Wear headphones $21.99 off
Amazon Prime members gets 10% off Grubhub orders through Feb. 17
TikTok creators don't believe a ban is coming
Scientists discovered a Venus
Beijing grants greater independence for EV development of state
Clean energy projects soared in 2016 as solar and wind got cheaper
Chinese GenAI venture raises $14 million, claims itself akin to Sora · TechNode
Great white shark leaps into tiny boat, fisherman treats it like NBD
'Doctor Who' and Ruby Sunday: Everything we know
Sony headphone deal: Get the ULT Wear headphones $21.99 off
Spotify discontinues their weird Car Thing device
Best GPU deal: Get the MSI RTX 5080 for $1,249.99 at Best Buy
Chinese GenAI venture raises $14 million, claims itself akin to Sora · TechNode
The FCC announces potential labeling for AI in political ads
Amazon deals of the day: Polaroid Hi
Here's how I feel about all this Stephen Hawking 'news' going around
Sony headphone deal: Get the ULT Wear headphones $21.99 off
Hmm, here is some very disturbing nail art based on Kylie Jenner's baby's handDavid Harbour actually did the Hopper dance with penguins and all is right with the worldSki ballet is the magnificently weird Olympic sport that deserved betterSki ballet is the magnificently weird Olympic sport that deserved betterA Bitcoin miner is buying power plants to mine crypto nowHow Bachelor Nation’s favorite data scientist tracks everything from screen time to dress colorsFord to replace windshield, re5 coolest cases for the iPhone 13Amazon opens waiting list for home surveillance drone'Side Eyeing Chloe' sells for less than other meme NFTs...but why?What would parents do to their kids if they ridiculed a senator?Google's new search results page will answer your question with more (useful) questions5 coolest cases for the iPhone 13I drove the Lucid Air. It's the future of cars.Robot vacuum meets its worst nightmare: A spring door stopiPhone 13 Pro teardown: The battery size increase is real'The Other Two' showrunners on Season 2 and what's next for Cary and BrookeHubble telescope peers deep into Milky Way galaxy, captures starfieldHow Bachelor Nation’s favorite data scientist tracks everything from screen time to dress colorsEven the Queen can't make Anna Wintour part with her sunglasses Remembering Richard Donner, Superman's real 15 of the most brutal J.K. Rowling Twitter shutdowns of 2017 Electric Dodge muscle car and Jeep SUV coming by 2025 OnePlus Nord 2 officially announced with a MediaTek processor China made a giant dog that looks like Trump Naomi Osaka's right: Don't shame people's need for mental health breaks 17 huge moments that defined the royal family in 2017 Best podcasts for when you're on vacation, traveling, or taking a road trip Chrissy Teigen live tweets bizarre flight turnaround, featuring John Legend How to activate Super Alexa mode on your Amazon Alexa World Health Organization will recognize video game addiction in 2018 NASA just saluted the coolest drummer ever How to change your Instagram username Apple to (finally) launch a redesigned iPad mini this fall Watch Zaila Avant Unpacking that ‘Black Widow’ credits scene and what it means for Marvel's future Let's talk about that mysterious baddie in 'Black Widow' 'Loki' composer Natalie Holt wrote that glorious theme without ever seeing the show Apple Music's new spatial audio feature is rad when it's done right Tag Heuer has a Super Mario
1.6953s , 10194.8203125 kb
Copyright © 2025 Powered by 【antique eroticism】,Inspiration Information Network