Malware is always searching for our devices. One of the most common attack methods on computers is through a web browser, where malicious plugins can steal data and information about our browsing. An appendix now shows us how dangerous this is.
Follow-up researcher Matthew Bryant released an add-on called CursedChrome, code available on GitHub. The extension is divided into two parts: a component for the customer, the addition itself, and the other for the attacker, which is the control panel to which harmful information is sent. With this, the attacker can use the infected browser as if he was on the computer where the browser is installed, and the ability to use sessions that started in sensitive sites such as Google Accounts, banks, or Paypal.
Despite the fact that this add-on aims to show the severity of other add-ons, the community has drawn a lot of criticism because what this add-on makes makes it easy for inexperienced hackers to apply a hack through it, as they can create wrong extensions with the code that was posted. This kind of criticism is often directed against other pentesting tools such as Metasploit.
The creator of the extension claims that its intention is not to facilitate hacking, but to simulate scenarios in which these attacks can occur.
We must add that in order for the attacker to use this extension, it must first be accepted into the Chrome Web Store (which is almost impossible), or the user must install it by setting the developer by adding it manually.
Comments
Post a Comment