Google Chrome is one of the most popular browser for browsing on the Internet. So it has become a major goal of hacking to cyber criminals. Hackers try to steal user data using various weaknesses of the browser. A cyber attack recently appeared in Chrome. As a result, billions of users are at risk.
Researchers at Cyber Security Farm SquareX have identified a new type of cyber attack. The attack was named as 'browser syncacing'.
The user has to cross several steps for this attack. However surprisingly this is a simple process for hackers. This is because it requires very little permission of the Chrome user.
For this hacking, a harmful Google Work Space Domain is first created. This domain has multiple user profiles and security features such as multi-factor authentication are closed. Using this domain, hackers create managed profiles in the background of the victim's device. The hackers then created a Malaceius Chrome extension, which was published in the Official Chrome Store. It is shown as a functional tool there to attract users.
Once the excitement is installed on the device, it continues to hide in the background and start working on the Chrome browser. The extension then logged in to a Google Workspace Profile, which hackers had previously created. The next step is to take a real Chrome support page and ask users to launch the sync feature. This support page has actually changed the hackers, so that the entry launches the sink from that page.
In this way, the person's entire Chrome account stored data such as: browsing history and password come to the profile of hackers.
SquareX says hackers can also completely control the victim's browser. This is often through general zoom invite. If the victim receives this invite, its harmful content enters the device. This harmful content comes from the previously installed Chrome extension.
Users get instructions to update a zoom on the screen. And with the approval of the update, the hackers get the opportunity to completely control the browser.
Hackers can install different viruses on the device as well as taking users' information from the browser. Even the device's webcam and microphone can be launched in silence.
The way you keep your own information protected
This type of hacking may seem very difficult to avoid. Because this hacking requires very few inputs from the user. However, there are some ways that you can keep your browser safe.
First, avoid installing the new Google Chrome extension to limit the number of those that are already installed. If something new is to be installed, do proper research about the extension and its developers.
In addition, it is very important to have the best antivirus software on the device, which will regularly scan your PC or Maca and alert you with suspicious activity. Passwords should be stored in a good password manager instead of a browser, which will protect the hackers from the attention of the hackers.
References: Takreder