"Catch-All" Google Chrome Malicious Extension Steals All Posted Data

Captures all data posted by the victim on any website

7:13 pm on Oct 28, 2017 (gmt 0)

Senior Member

joined:Jan 22, 2005
votes: 16

[isc.sans.edu]

...So, using such an approach, an adversary would be able to capture highly sensitive data with not much effort compared to standard methods. It wasn't necessary for the attacker to attract the victim to a fake website with doubtful SSL certificates or deploying local proxies to intercept web connections. Quite the opposite, the user is accessing original and legitimate websites and all the interactions are working properly while data is captured and leaked. In other words, this method may subvert many security layers the victim may have in place.

...it sounds strange to me Google Chrome allowing extensions to access sensitive form fields, like passwords, without asking for an additional user's approval, as well as allowing an extension to silently and autonomously establish a connection to an external entity. Additionally, browser security features that could protect the user from harmful extensions can be disabled through command line arguments as in this case. ...

9:04 pm on Oct 28, 2017 (gmt 0)

Senior Member from US 

keyplyr

joined:Sept 26, 2001
votes: 893

This campaign infection vector is a phishing e-mail with links to photos supposedly from the weekend pretending to be sent through WhatsApp.

It seems that despite years of warnings, some people will still click on unknown attachments in emails.
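
Added example, not part of the thread or of the quoted ISC article: a Python audit a defender could run over an installed extension's parsed `manifest.json` and over a browser shortcut's command line, covering the two points the quoted text raises (an extension that reaches every website, and safeguards switched off by command line arguments). The function names, the two switches listed (real Chromium switches, but not named in the thread) and both samples are assumptions made for illustration.

```python
import re

# Match patterns that give an extension reach into every website.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumption: the thread names no switches. These two are real Chromium
# switches that weaken extension safeguards when put in a shortcut.
RISKY_SWITCHES = {
    "--load-extension": "loads an unpacked extension from a local folder",
    "--disable-extensions-file-access-check":
        "skips the user opt-in for extension script injection into file URLs",
}

def audit_manifest(manifest):
    """Return findings for a parsed manifest.json (dict)."""
    findings = []
    for script in manifest.get("content_scripts", []):
        if ALL_SITES & set(script.get("matches", [])):
            findings.append(("content_script_all_sites", script.get("js", [])))
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    hosts = sorted(ALL_SITES & {p for p in declared if isinstance(p, str)})
    if hosts:
        findings.append(("host_access_all_sites", hosts))
    return findings

def audit_command_line(cmdline):
    """Return the risky switches present in a browser launch command line."""
    switches = re.findall(r"--[a-z0-9-]+", cmdline.lower())
    return [s for s in switches if s in RISKY_SWITCHES]

# Constructed samples (not taken from the campaign discussed in the thread).
SAMPLE_MANIFEST = {
    "name": "constructed-sample",
    "manifest_version": 2,
    "permissions": ["tabs", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}],
}
SAMPLE_SHORTCUT = ('"C:\\Program Files\\Chrome\\chrome.exe" '
                   '--load-extension="C:\\Users\\example\\AppData\\ext" '
                   "--disable-extensions-file-access-check")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("manifest:", finding)
    for switch in audit_command_line(SAMPLE_SHORTCUT):
        print("shortcut:", switch, "-", RISKY_SWITCHES[switch])
```

A finding here is a prompt for review rather than proof of compromise, since many legitimate extensions also request access to all sites.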
