"Catch-All" Google Chrome Malicious Extension Steals All Posted Data

Captures all data posted by the victim on any website

     
7:13 pm on Oct 28, 2017 (gmt 0)

Senior Member

joined:Jan 22, 2005
posts:1175
votes: 15



[isc.sans.edu]

...So, using such approach, an adversary would be able to capture high sensitive data with not much effort compared to standard methods. It wasn't necessary for the attacker to attract the victim to a fake website with doubtful SSL certificates or deploying local proxies to intercept web connections. Quite the opposite, the user is accessing original and legitimate websites and all the interactions are working properly while data is captured and leaked. In other words, this method may subvert many security layers the victim may have in place.

...it sounds strange to me Google Chrome allowing extensions access sensitive form fields, like passwords, without asking for an additional user's approval, as well as allowing an extension to silently and autonomously establish a connection to an external entity. Additionally, browser security features that could protect user from harmful extensions can be disabled through command line arguments as in this case. ...
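
An added example, not part of the original thread or the quoted article: a small defender-side audit in Python that flags an extension manifest able to read pages on every site, and a browser command line that sideloads an extension or relaxes extension checks. The manifest keys and the two switches are real Chrome names chosen for illustration (the thread does not name the arguments used in this case); the sample manifest and command line are constructed.

```python
import shlex

# Match patterns that let an extension touch every site (real Chrome match patterns).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Real Chrome switches that sideload an unpacked extension or relax extension checks.
# Assumption: chosen for illustration; the thread does not name the arguments used.
RISKY_SWITCHES = ("--load-extension", "--disable-extensions-file-access-check")


def audit_manifest(manifest):
    """Return findings for an extension manifest (dict) that can read pages on any site."""
    findings = []
    for script in manifest.get("content_scripts", []):
        if BROAD & set(script.get("matches", [])):
            findings.append("content script injected into all sites: "
                            + ", ".join(script.get("js", [])))
    # Manifest V2 lists hosts in "permissions"; V3 uses "host_permissions".
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    if BROAD & perms:
        findings.append("host access to all sites")
    if "webRequest" in perms:
        findings.append("can observe network requests (webRequest)")
    return findings


def risky_flags(cmdline):
    """Return the risky switches (with their values) found in a browser command line."""
    return [a for a in shlex.split(cmdline) if a.split("=", 1)[0] in RISKY_SWITCHES]


# Constructed sample inputs (not taken from the campaign discussed in the thread).
SAMPLE_MANIFEST = {
    "name": "Photo Viewer", "manifest_version": 2,
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["capture.js"]}],
    "permissions": ["webRequest", "*://*/*"],
}
SAMPLE_CMDLINE = ("google-chrome --load-extension=/tmp/ext "
                  "--disable-extensions-file-access-check https://example.com")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("manifest:", finding)
    for flag in risky_flags(SAMPLE_CMDLINE):
        print("cmdline:", flag)
```
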
9:04 pm on Oct 28, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10638
votes: 630


This campaign infection vector is a phishing e-mail with links to photos supposedly from the weekend pretending to be sent through Whatsapp.
It seems that despite years of warnings, some people will still click on unknown attachments in emails.