Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label browser hijacking. Show all posts
Security Breach
browser hijacking Chrome Extension Cyber Security Cybersecurity Data Theft Google Workspace Hacking phishing Security Breach

New 'Browser Syncjacking' Attack Exploits Chrome Extensions for Full Device Takeover

 

'Browser Syncjacking,' which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim's device—all through a seemingly harmless Chrome extension.

This stealthy multi-stage attack requires minimal permissions and almost no user interaction beyond installing a malicious Chrome extension. The attack begins with:

1. Fake Google Workspace Setup – Attackers create a fraudulent Google Workspace domain with pre-configured user profiles where security features like multi-factor authentication are disabled.

2. Publishing a Malicious Extension – A Chrome extension, disguised as a useful tool, is uploaded to the Chrome Web Store.

3. Social Engineering Trap – Victims are tricked into installing the extension, which then secretly logs them into an attacker's managed Google Workspace profile via a hidden browser session.

4. Sync Activation – The extension opens a legitimate Google support page and injects content instructing users to enable Chrome Sync. Once activated, attackers gain access to stored credentials, browsing history, and other sensitive data.

5. Full Browser Takeover – Using deceptive tactics, such as a fake Zoom update prompt, the extension delivers an executable file containing an enrollment token. This grants attackers full control over the browser.

"Once enrolled, the attacker gains full control over the victim's browser, allowing them to silently access all web apps, install additional malicious extensions, redirect users to phishing sites, monitor/modify file downloads, and many more," explains SquareX researchers.

By leveraging Chrome's Native Messaging API, attackers establish a direct communication channel between the malicious extension and the victim's operating system. This enables them to:
  • Browse directories
  • Modify files
  • Install malware
  • Execute commands
  • Capture keystrokes
  • Extract sensitive data
  • Activate the webcam and microphone
The Browser Syncjacking attack is difficult to detect. Unlike traditional extension-based threats that require extensive social engineering, this method operates with minimal user interaction.

"Unless the victim is extremely security paranoid and is technically savvy enough to constantly navigate the Chrome settings to look for managed browser labels, there is no real visual indication that a browser has been hijacked," the report warns.

Recent incidents, including hijacks of legitimate Chrome extensions, have demonstrated that browser extensions pose significant cybersecurity risks.

BleepingComputer has reached out to Google for comments on this new attack and will provide updates as soon as a response is received.
Read more »
Subscribe to: Posts (Atom)