- A new higjacking -attack is targeted at chrome browsers
- It can steal all your browser data and even from your operating system
- There are several ways for users to fight back
Whether you think it’s the best web browser, Google Chrome is arguably the most popular search engine with a landslide. For that reason, it also remains a popular target for hackers. And now is a massive new threat on the horizon that can threaten billions of users.
A new attack called ‘Browser Syncjacking’ has been discovered by security scientists at cybersecurity firm Squarex (reported by Bleeping computer). Although it requires multiple steps, it is shockingly easy for the average chrome user to become a victim as it needs minimal permits.
First, a malicious Google Workspace domain is created with multiple user profiles, and security features such as multi-factor approval are disabled. This is used to create managed profiles in the background of the victim’s devices. Then hackers then create a malicious chrome expansion to launch in the official Chrome store that appears as a useful tool to attract potential victims.
When any potential victims install the extension, it hides a browser window running in the background to log the victim in one of the previously manufactured workspace. The last step involves fooling the victim to activate Chrome synchronization by opening a very real Chrome support page that has been manipulated with, and then guide them by turning on synchronization. If this happens, this person’s full Chrome account and stored data – including browsing history and passwords – is now available on the hacker’s profile.
From here, as Squarex explains, a victim’s entire browser can be taken over, often through a seemingly innocent zoom, it invites, if accepted, gets malicious content from the chrome extension that is injected into it. If the victim falls for a prompt asking to update the zoom, the update (actually an executable file containing an enrollment token) will allow the hacker to check the browser completely.
Not only gives this hackers free reign of the data stored in your browser and allows them to spy on all sites you are reviewing (and see sensitive information you enter) but it also gives them access to your operating system for To “install malware, catch keystrokes, withdraw sensitive data and even enable a device’s webcam and microphone,” as Tom’s Guide Details.
How do you remain safe?
All this sounds overwhelming and even impossible to avoid, as the attacks require so little input from users to make the ball roll. But there are ways to keep your browser safe against injury.
The first is to avoid installing new Google Chrome extensions while limiting the ones you already have. If you really need to install something new, be sure to examine it and its developers for signs of suspicious activity.
It is also important to have the best antivirus software that automatically scans your PC or Mac regularly and immediately warns you of suspicious activity. It is best to store passwords in the best password managers instead of in the browser and protect them from Hacker’s curious eyes.
There are always new attacks on the horizon, but it is important to remain vigilant in your online activity and be careful about extensions and software you are downloading. This will always serve to protect your browser and computer.
