Researchers at SquareX have identified a new type of attack, referred to as “browser synchronization”, which allows cyber criminals to take control of a device by using a Chrome extension. The technique involves a number of steps and almost no interaction from the victim.
Description of the attack
The attack begins with the creation of a Google Workspace domain and the registration of an account. The attackers then create profiles for multiple users with security features disabled, including multi-factor authentication. Afterwards, the cyber criminals create and publish a seemingly legitimate extension in the Chrome Web Store.
Using social engineering techniques, the attackers trick the victim into installing the extension, which has read and write permissions and runs in the background. The user does not notice that they are being signed in to one of the Workspace profiles created in advance. The extension then opens a Google Support page, changes its content, and displays a pop-up window that asks the user to enable browser synchronization.
If the user falls for the fraud, all the data saved in Chrome (passwords, history, and so on) ends up in the hands of the cyber criminals. After that, they send the user a fake Zoom invitation, which leads to a fake Zoom page. The user is then prompted to install a Zoom update, but in reality the unsuspecting victim downloads a text file that contains a token that connects the browser to the Google Workspace domain.
At this point, the cyber criminals take control of Chrome: they gain access to all web apps, install malicious extensions, and redirect the user to phishing websites. Through the browser's Native Messaging API, direct communication is also established between the extension and the operating system.
The last step of the attack is therefore control of the device. The cyber criminals are able to carry out any activity, including accessing files, installing malware, stealing credentials, and recording audio and video through the microphone and the webcam.
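For defenders, the Native Messaging step described above leaves an auditable trace: a native host has to be registered through a manifest that names the extensions allowed to call it. The following is an added example, not code from SquareX or from the original article, that flags manifests admitting extensions outside an approved set; the directories are Chrome's documented Linux locations, while the extension IDs, host names and allowlist are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Documented Linux locations of Chrome native messaging host manifests.
DEFAULT_DIRS = [Path("/etc/opt/chrome/native-messaging-hosts"),
                Path.home() / ".config/google-chrome/NativeMessagingHosts"]
# An allowed_origins entry has the form chrome-extension://<32 chars a-p>/
ORIGIN_RE = re.compile(r"chrome-extension://([a-p]{32})/")

def audit_native_hosts(dirs, approved_ids):
    """Return (manifest file, host name, reason) for each suspicious manifest."""
    findings = []
    for d in dirs:
        for mf in sorted(Path(d).glob("*.json")):
            try:
                data = json.loads(mf.read_text())
                origins = data["allowed_origins"]
                if not isinstance(origins, list):
                    raise TypeError("allowed_origins is not a list")
            except (OSError, ValueError, KeyError, TypeError):
                findings.append((mf.name, None, "unreadable manifest"))
                continue
            for origin in origins:
                m = ORIGIN_RE.fullmatch(str(origin))
                if m is None:
                    findings.append((mf.name, data.get("name"), f"malformed origin {origin}"))
                elif m.group(1) not in approved_ids:
                    findings.append((mf.name, data.get("name"), f"unapproved extension {m.group(1)}"))
    return findings

def demo():
    """Run the audit over constructed manifests (IDs and host names are made up)."""
    approved, unknown = "a" * 32, "b" * 32
    with tempfile.TemporaryDirectory() as tmp:
        def write(fname, host, ext_id):
            manifest = {"name": host, "description": "constructed sample",
                        "path": "/opt/example/host", "type": "stdio",
                        "allowed_origins": [f"chrome-extension://{ext_id}/"]}
            (Path(tmp) / fname).write_text(json.dumps(manifest))
        write("good.json", "com.example.password_manager", approved)
        write("rogue.json", "com.example.updater", unknown)
        (Path(tmp) / "broken.json").write_text("{not json")
        return audit_native_hosts([tmp], {approved})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real endpoint, call `audit_native_hosts(DEFAULT_DIRS, approved_ids)` with the organization's own list of approved extension IDs.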