- A new high jacking attack attack is aimed at Chrome browsers
- You could steal all the data on your browser and even your operating system
- There are several ways for users to fight
Whether it believes that it is the best web browser, Google Chrome is, without a doubt, the most popular search engine by a landslide. For that reason, it is still a popular objective for computer pirates. And now, a new mass threat is on the horizon, which could threaten billions of users.
Security researchers have discovered a new attack called ‘Navigator Syncjacking’ Bleepingcomputer). Although it requires several steps, it is surprisingly easy for the average chrome user to be a victim, since it needs minimal permits.
First, a malicious domain of Google Workspace is created with multiple user profiles, and safety characteristics such as multiple factors are disabled. This is used to create profiles administered at the bottom of the victim’s devices. Then, computer pirates will create a malicious Chrome extension to launch in the official Chrome store, appearing as a useful tool to attract possible victims.
Once any potential victim installs the extension, hides a browser window that runs in the background to register the victim in one of the previously done work space profiles. The last step is to deceive the victim to activate Chrome’s synchronization by opening a very real Chrome support page with which it has been manipulated, and then guiding them through the SYNC. If this happens, the complete Chrome account of that person and the stored data, including navigation history and passwords, are now available in the hacker profile.
From here, as Squarex explains, you can take the full browser of a victim, often through an apparently innocent zoom invitation that, if accepted, obtains malicious content of that extension of Chrome injected into it. If the victim is considered a warning that Zoom requests, the update (in reality an executable file that contains a registration token) will allow the hacker to control the browser completely.
This not only provides free computer pirates on any data stored in their browser and allows them to spy on any website that explores (and see any confidential information that enters), but also allows them to access their operating system to “install malware , capture, capture key pulsations, extract confidential data and even activate the webcam and the microphone of a device “, such as Tom guide details.
How do you stay safe?
All this sounds overwhelming and even impossible to avoid, since the attacks require such little contribution of users so that the ball surrounds. But there are ways to keep your browser safe from damage.
The first is to avoid installing new Google Chrome extensions while limiting the ones you already have. If you really need to install something new, be sure to investigate it and its developers to obtain signs of suspicious activity.
It is also essential to have the best antivirus software, which will automatically scan your PC or MAC regularly and immediately alert it on suspicious activities. It is better to store passwords in the best password administrators instead of in the browser, protecting them from the indiscreet eyes of computer pirates.
There are always new attacks on the horizon, but it is vital to stay attentive to your activity online and be careful with the extensions and software you download. This will always serve to protect your browser and computer.
