Hackers have eroticism defineddiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
HP Touchscreen Laptop deal: Get $240 off at Best Buy
Trump's behavior is so awful he wouldn't even qualify for actual adult day care
Instagram, WhatsApp, and Facebook Messenger are back after 'technical issue'
Fighting violence against women, we need men to be part of the conversation
Lego free Valentine's Day Heart: How to get free Lego
TikTok will soon force personalized ads on its users
Maybe don't get a photo with your friends inside a crocodile trap
China starts blocking Signal encrypted messaging app
Amazon CEO tries to sell kids on working on the moon
Fighting violence against women, we need men to be part of the conversation
SpaceX is so close to turning its rocket headquarters into an actual city
Please stop decorating your lawns with Halloween inflatables
Trump didn't receive the warmest Capitol Hill welcome thanks to this protester
There probably won't be a new Samsung Galaxy Note this year
Miami Heat vs. Brooklyn Nets 2025 livestream: Watch NBA online
Trump's behavior is so awful he wouldn't even qualify for actual adult day care
Best refurbished deals from eBay: Apple, ASUS, LG, and more (UK deal)
Behold the BMW i4, an electric sedan with a 300
Amazon Kindle Paperwhite Kids: $139.99 at Amazon
Kim Kardashian shuts down the rumors that she's having twins
Daisy Ridley says she's done with 'Star Wars' after 'Episode IX'Meghan Markle is Madonna and Prince Harry is naked in this cheeky mobile graffitiBumble's popApple and Stanford team up for app that looks for irregular heart rhythms'Harry Potter' fan says J.K. Rowling blocked her after she criticised Johnny DeppMeghan Markle is Madonna and Prince Harry is naked in this cheeky mobile graffitiHorrific 2017 Atlantic hurricane season ends with many still reelingTesla has switched on its colossal Australian batteryFeds want to take Martin Shkreli's $2 million WuHow Polycom is architecting the conference room of the future'Avengers: Infinity War' trailer features a 'Civil War' easter eggHarry Potter new editions contain errors thanks to fake J.K. Rowling tweetsDisney will remove the 20'The View' hosts reacting to the Flynn news is the definition of joyPrince George wants only this single gift for ChristmasAlyssa Milano vs. Ajit Pai is the net neutrality fight we need right nowGoogle, Nest consider teaming up again to beat AmazonGeoffrey Rush faces allegations of 'inappropriate behaviour'Does the Avengers: Infinity War trailer show the end of the Asgardians?Twitter Lite app launches in Asia, Latin America, Africa, and more Mental health self Best Amazon deals of the day: Apple Pencil Pro, Google Pixel Buds A Is this the iPhone 17 Pro's design? NYT Connections Sports Edition hints and answers for February 14: Tips to solve Connections #144 Best Samsung Earbuds Deal: Save $65 on Galaxy Buds 3 Pro AI Sam Altman announces GPT Fenerbahce vs. Anderlecht 2025 livestream: Watch Europa League for free Lego Magazine for free: How to get free Lego Magazine for kids Wordle today: The answer and hints for February 13, 2025 Best Presidents' Day deal: Save $400 on the Hisense Canvas TV Best Presidents' Day deal: Save 50% on Philips Hue Play Light Bars extension Lenovo Yoga 7i deal: Save $350 on one of our favorite laptops No, Planned Parenthood's Instagram wasn't hacked Best smartphone deal: Save $150 on the Samsung Galaxy S24 FE at Amazon Best free online courses from Stanford University Curiosity recorded alien rainbow NYT mini crossword answers for February 16, 2025 Apple TV is now available on Android NYT Connections Sports Edition hints and answers for February 16: Tips to solve Connections #146 NYT Connections hints and answers for February 14: Tips to solve 'Connections' #614.
1.9155s , 8287.1640625 kb
Copyright © 2025 Powered by 【eroticism defined】,Creation Information Network