Feeds:
Posts
Comments

Posts Tagged ‘Google Chrome browser’


‘A new malicious application tries to disguise itself as the Google Chrome browser to fool victims into entering their payment card details. The app is still active at the time of writing and sends collected user details to an AOL email address.

Discovered today by MalwareHunter, this application goes above and beyond of what other card stealers have attempted, most of which are half-baked efforts, often easy to recognize as malicious applications thanks to their quirky graphics and misaligned designs.

This app, named “Betaling – Google Chrome.exe”, tries to pass as the Google Chrome browser and does a good job at it. Betaling uses the standard Chrome icon and window layout, complete with an address bar, and even an HTTPS lock icon to trick users they’re on a real website.’

Read more: Credit Card Stealer Disguises as Google Chrome Browser

Read Full Post »


The exploit, developed by programmer Andreas Grech, employs a plugin coded using jQuery to track users’ login information and have it emailed to himself. He claims that he has tested the plugin, and that it has been successful against Twitter, Gmail, and Facebook. In his own words:

The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.

By allowing access to the DOM, an attacker can thus read form fields…including username and password fields. This is what sparked my idea of creating this PoC.

The extension I present here is very simple. Whenever a user submits a form, it tries to capture the username and password fields, sends me an email via an Ajax call to a script with these login details along with the url and then proceeds to submit the form normally as to avoid detection.

CONTINUED HERE

Read Full Post »

%d bloggers like this: