Hackers have Watch Black Panther Onlinediscovered a new way to remotely take control of your computer — all through the Google Chrome web browser.
A report from cybersecurity company SquareX lays out the new multifaceted cyberattack, which the firm has dubbed "browser syncjacking."
At the core of the attack is a social engineering element, as the malicious actor first must convince the user to download a Chrome extension. The Chrome extension is usually disguised as a helpful tool that can be downloaded via the official Chrome Store. It requires minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension actually does usually work as advertised, in order to further disguise the source of the attack from the user.
Meanwhile, secretly in the background, the Chrome extension connects itself to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed into a managed profile, the attacker sends the user to a legitimate Google support page which is injected with modified content through the Chrome extension, telling the user they need to sync their profile.
When the user agrees to the sync, they unwittingly send all their local browser data, such as saved passwords, browsing history, and autofill information, to the hacker's managed profile. The hacker can then sign into this managed profile on their own device and access all that sensitive information.
The attack up to this point already provides the hacker with enough material to commit fraud and other illicit activities. However, browser syncjacking provides the hacker with the capability to go even further.
Using the teleconferencing platform Zoom as an example, SquareX explains that using the malicious Chrome extension, the attacker can send the victim to an official yet modified Zoom webpage that urges the user to install an update. However, the Zoom download that's provided is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.
After this occurs, the hacker then has access to additional capabilities and can gain access to the user's Google Drive, clipboard, emails, and more.
The browser syncjacking attack doesn't stop there. The hacker can take one further step in order to not just take over the victim's Chrome profile and Chrome browser, but also their entire device.
Through that same illicit download, such as the previously used Zoom update installer example, the attacker can inject a "registry entry to message native apps" by weaponizing Chrome’s Native Messaging protocol. By doing this, the attacker basically sets up a connection "between the malicious extension and the local binary." Basically, it creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.
What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies, and more. In addition, they can track the user by controlling their webcam, take screenshots, record audio, and monitor everything input into the device.
As you can see, browser syncjacking is nearly completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyberattack is to be aware of what you download and only install trusted Chrome extensions.
Topics Cybersecurity Google
Best Samsung Galaxy Watch Ultra deal: Save $200 at Best Buy
Watch Addison Russell's World Series grand slam
A company backed by Alibaba just bought a big online grocer
White nationalist launches disturbing robocall attack on Trump rival
Then and Now: 5 Generations of GeForce Graphics Compared
The 2 new emoji causing controversy for Apple
The best proposed emoji we might see in the future
Google's Daydream View VR headset will go on sale very soon
Amazon Prime members gets 10% off Grubhub orders through Feb. 17
Guy found after 2 weeks in the wild was on a journey of self
Trump praises storm response as historic disaster unfolds in Houston
Bill Murray treated a lucky Cubs fan to Game 6 of the World Series
Harry Potter Yoga just might be better than Quidditch
Why this British artist wants to 'F*ck Donald Trump'
How to quit social media: This Gen Z
Guy found after 2 weeks in the wild was on a journey of self
Why Emma Watson is hiding books on the London Underground
Hawaii's bees are now protected under U.S. Endangered Species Act
HP Touchscreen Laptop deal: Get $240 off at Best Buy
What to do if you're harassed at the polls
Cryptocurrency businesses aren't afraid of Google and Facebook ad bansHow free laptops in Madagascar offer kids information and tools for selfSamsung Galaxy Note 9 might come with inA guide to every message hidden in the 'Westworld' Season 2 marketingMargot Robbie wells up when her brother surprises her in an interviewInstagram, like Facebook, is problematicFacebook needs to hire a public editorMarch for Our Lives and Tumblr join forces for massive digital protest and D.C. livestreamCompeting teams are creating devices that extract water from thin airNew video shows selfCryptocurrency businesses aren't afraid of Google and Facebook ad bansWhy is cereal is such a miserable sham of a breakfast?Cryptocurrency businesses aren't afraid of Google and Facebook ad bansBest Buy plans to stop selling Huawei phones in coming weeksSpotify app built into Cadillac console is made for commute listeningMajor Siri bug exposes all your Signal messages on iPhoneWorld Water Day: How to get involved and make a differenceWes Anderson's cultural tourism undercuts the heart of 'Isle of Dogs'World Water Day: How to get involved and make a differenceMargot Robbie wells up when her brother surprises her in an interview Apple event kicks off with touching Steve Jobs tribute Of course Russians created Facebook events for pro Facebook is testing a new video feature for Android and it could be a game There are striking, lingering doubts about that 'female Viking warrior' Why the iPhone X could be Apple's ultimate tech folly Apple's iPhone 8 comes in gold, but everyone's calling it pink Equifax screwed up yet again, and it's scrambling to fix this latest mess Watch this reporter rescuing dolphins beached by Hurricane Irma Patty Jenkins will direct 'Wonder Woman' sequel Amazon's next Fire TV device rumored to act like a super Finally, an agreement over who owns the rights to that legendary monkey selfie Domhnall Gleeson getting excited by Jennifer Lawrence on the red carpet is all of us The 'PUBG' craze is spreading Kid from 'It' attends 'It' screening dressed as kid from 'It' The new Apple Watch with LTE connectivity won't get you out of buying an iPhone Plastic bags get the boot once again Netflix's 10 most I'm so sorry, but here are Ted Cruz's favorite pornos The Disaster Artist at Toronto: Film review Who authorized this Princess Diana memorial that looks nothing like Princess Diana?
1.6195s , 10137.3359375 kb
Copyright © 2025 Powered by 【Watch Black Panther Online】,New Knowledge Information Network