- A new Jacking High attack targets chrome browsers
- This could steal all your browser data and even from your operating system
- There are several ways for users to retaliate
Whether you believe that it is the best web browser, Google Chrome is undoubtedly the most popular search engine by a landslide. For this reason, there is also a popular target for pirates. And now, a new massive threat is on the horizon, which could threaten billions of users.
A new attack called “browser syncjacking” was discovered by safety researchers from the Squarex cybersecurity company (reported by Bleeping Compompute). Although this requires several steps, it is easily shocking for the average chrome user to victim, because he needs minimum authorizations.
First of all, a malicious field Google Workspace is created with several user profiles, and security features such as multi-factory authentication are deactivated. This is used to create profiles managed in the background of the victim’s devices. Then, the hackers will then create a malicious chrome extension to launch on the official Chrome store, appearing as a useful tool for attracting potential victims.
Once potential victims have installed the extension, he hides a browser window that runs in the background to record the victim in one of the previously produced workspace profiles. The last step is to encourage the victim to activate chrome synchronization by opening a very real chrome support page which was falsified, then guiding them by activating synchronization. If this happens, this person’s full chrome account and stored data – including navigation history and passwords – are now available on the pirate profile.
From there, as Squarex explains, the whole browser of a victim can be taken care of, often through an apparently innocent zoom invites, if it is accepted, obtains malicious content from this injected chrome extension. If the victim falls in love with an invite that requires updating Zoom, the update (in fact an executable file which contains an registration token) will allow the pirate to completely control the browser.
Not only does this give free hackers on all the data stored in your browser and allows them to spy on the websites you are browsing (and see all sensitive information), but this also allows them to access your system of exploitation to “install malware, capture keys, extract sensitive data and even activate the webcam and microphone of a device”, as Tom guide details.
How do you stay safe?
All this seems overwhelming and even impossible to avoid, because the attacks require so little user entry to roll the ball. But there are ways to keep your browser away from damage.
The first is to avoid installing new Google Chrome extensions while limiting those you already have. If you really need to install something new, be sure to search for it and its developers for signs of suspicious activity.
It is also essential to have the best antivirus software, which will automatically scan your PC or Mac regularly and immediately alert you to suspect activity. It is best to store passwords in the best password managers rather than in the browser, protect them from prying eyes from pirates.
There are always new attacks on the horizon, but it is essential to remain vigilant in your online activity and pay attention to the extensions and software you download. This will always be used to protect your browser and your computer.
