
Novel Chrome Extension-Exploiting Attack Covertly Hijacks Devices


BleepingComputer reports that threat actors could covertly hijack devices through the new multi-stage Browser Syncjacking attack that involves a trojanized Chrome extension.

Attackers first establish a malicious Google Workspace domain with various user profiles that lack multi-factor authentication and publish a seemingly legitimate browser extension on the Chrome Web Store, then lure targets into downloading the extension, according to an analysis from SquareX.

The extension then stealthily logs in to one of the attacker-controlled Workspace profiles and opens the legitimate Chrome support page, where targets are prompted to activate Chrome sync. Once sync is activated, attackers can access all of the targeted device's data as well as the breached profile. Attackers could then leverage this access to trick victims into installing a fake software update that would allow total browser control.

"Unlike previous extension attacks that involve elaborate social engineering, adversaries need only minimal permissions and a small social engineering step, with nearly no user interaction required to execute this attack," said SquareX researchers.
