‘Browser Syncjacking,’ which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim’s device—all through a seemingly harmless Chrome extension.
This stealthy multi-stage attack requires minimal permissions and almost no user interaction beyond installing a malicious Chrome extension. The attack begins with:
1. Fake Google Workspace Setup – Attackers create a fraudulent Google Workspace domain with pre-configured user profiles where security features like multi-factor authentication are disabled.
2. Publishing a Malicious Extension – A Chrome extension, disguised as a useful tool, is uploaded to the Chrome Web Store.
3. Social Engineering Trap – Victims are tricked into installing the extension, which then secretly logs them into an attacker’s managed Google Workspace profile via a hidden browser session.
4. Sync Activation – The extension opens a legitimate Google support page and injects content instructing users to enable Chrome Sync. Once activated, attackers gain access to stored credentials, browsing history, and other sensitive data.
5. Full Browser Takeover – Using deceptive tactics, such as a fake Zoom update p
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents