Read the original article: Abusing Google Chrome extension syncing for data exfiltration and C&C, (Thu, Feb 4th)
I had the pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. Some of the methods observed in the analyzed code were pretty scary - from a defender's point of view, as you will see further below in this diary.