Hackers have the art of eroticismdiscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Great white shark leaps into tiny boat, fisherman treats it like NBD
This girl dancing as Hermione is actual magic
Watch Blue Ivy scold her grandma for Instagramming at the Paris Ballet
Coming soon to Sundance: 'Hatching' trailer teases monsters and motherhood horror
9 Tech Products That Were Too Early to Market
Watch Blue Ivy scold her grandma for Instagramming at the Paris Ballet
'Dexter: New Blood' finale was the only way Dexter Morgan's story could have ended
Warning: Here's what could happen if you ask your husband for Fenty Beauty products
Celtic vs. Bayern Munich 2025 livestream: Watch Champions League for free
Prepare to sob at these moving stories of people travelling home for Ireland's abortion vote
Elon Musk told Donald Trump what to do about the Paris Climate Agreement
Developer of different, older Wordle game to donate proceeds to charity
Please enjoy this Instagram account that hilariously reimagines your favorite album covers
Best custom keyboards to add to your iPhone
Tips for Playing PlayerUnknown's Battlegrounds
Turtle sex videos, ranked
Teacher corrects letter from White House, then sends it back
New York City subways torched in new browser game, 'MTA Country'
Amazon Prime members gets 10% off Grubhub orders through Feb. 17
Apple has no plans to join the metaverse with VR headset, report says
The Trumps bungle Pearl Harbor Day on TwitterDylan Farrow: The hypocrisy behind Hollywood's continued acceptance of Woody AllenHow to create folders (aka labels) in GmailAspiring poet's rejection letter from 1928 is delightfully brutalThe internet is ablaze with 'sex is cool' memesChristmas tree eyebrows are the festive beauty trend no one asked forMark Hamill once made a child's dream to meet Luke Skywalker come trueLet's agree the tragedyThe newest electric Jaguar IDylan Farrow: The hypocrisy behind Hollywood's continued acceptance of Woody AllenEverything you buy in this popChance the Weatherman reports for dutyYou may have missed the most impactful detail on Time's 'Person of the Year' coverVin Diesel says 'Fast and Furious' saga is racing toward a proper endWhat kind of villain is Loki, really? 'Loki' on Disney+ wants to know.Embrace the dark side with these 'Star Wars' themed sex toysGoogle Workspace is now free for everyonePeople are ditching their boring Christmas trees for pineapples this yearJinx surprises 'Overwatch' fans with a limited edition blue D.Va hoodieZac Efron admits his onscreen kiss with Zendaya is the greatest of all his film kisses 'The Legend of Zelda: Echoes of Wisdom' hands Best Labor Day deals: Shop Best Buy for discounts on tech, appliances, and more Stephen King is finally teasing what a new Dark Tower story might look like Swiatek vs. Pegula 2024 livestream: Watch US Open for free Elon Musk's X is now banned in Brazil Apple AirTags used by environmental activists to track dead Wordle today: The answer and hints for August 30 Gen Z fantasizes about both monogamy and kink, Feeld says Project DualPlay: This gaming laptop's touchpad doubles as a controller Amazon's 'Remarkable' Alexa will actually be Claude in disguise, report claims NYT mini crossword answers for September 4 Washington Mystics vs. Dallas Wings 2024 livestream: Watch WNBA live Newcastle United vs. Spurs 2024 livestream: Watch Premier League for free What should you do with your reply guy? Apple's FineWoven cases may get replaced soon Fritz vs. Zverev 2024 livestream: Watch US Open for free Sinner vs. Medvedev 2024 livestream: Watch US Open for free NASA's huge spacecraft will soon launch to alluring ocean world Facebook, Instagram opt out of allowing Apple AI to scrape their data for training How to unblock Redtube for free
3.219s , 10194.8828125 kb
Copyright © 2025 Powered by 【the art of eroticism】,Information Information Network