As we resolved the attack on our network (read about my investigation into malware posing as a Chrome Extension), I thought about how sloppy the attack was and how easily we'd discovered the intrusion. The attack was initiated from a direct IP connection over a nonstandard port with no TLS encryption. In particular, TLS encryption would have slowed our investigation by obscuring the connection between the traffic and the Chrome extension. While the attacker hid their malicious code, it was a half-hearted effort. Their control server was unable to handle the influx of traffic from 25K users, which resulted in frequent retransmission timeouts and widely varying response times. And why go to this effort at all to only steal URLs? Well, I set off to write my own Chrome malware.

How much damage could a sophisticated attacker with cybersecurity knowledge do? I designed my malware with the following components:

- An always-running background page that handles the following tasks:
  - Batching and exfiltrating data through a TLS websocket.
  - Injecting a malicious script into every tab.
  - Event handlers for web requests and responses (such as headers, bodies).
  - Event handlers for IPC messages sent by injected scripts.
- A script injected into each tab that performs the following tasks:
  - Batch captured data and transmit it to the background page through IPC.
- A control server which receives collected data.
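A defender's companion to the component list above, added here and not part of the original post: a static check of an extension's manifest.json for the permission set those components need (a background component, webRequest across all hosts, and script injection into every tab). The key names are the real MV2/MV3 manifest fields; both sample manifests are constructed, and the websocket exfiltration channel has no manifest footprint, so the check does not look for it.

```python
import json

# Host patterns that reach every site (constructed list of the common spellings).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> dict:
    """Map manifest fields onto the capabilities the components above require."""
    mv = manifest.get("manifest_version", 2)
    perms = set(manifest.get("permissions", []))
    # MV2 lists host patterns under "permissions"; MV3 moved them to "host_permissions".
    hosts = set(manifest.get("host_permissions", [])) | (perms & BROAD_HOSTS)
    broad_hosts = bool(hosts & BROAD_HOSTS)
    bg = manifest.get("background") or {}
    # An MV2 page stays resident unless "persistent": false; an MV3 worker is event-driven.
    persistent_background = mv == 2 and bool(bg) and bg.get("persistent", True) is not False
    # Seeing every site's request/response headers needs webRequest plus broad host access.
    observes_all_requests = "webRequest" in perms and broad_hosts
    # Injection into every tab: content scripts declared on all URLs, or programmatic
    # injection (tabs.executeScript in MV2, chrome.scripting in MV3) backed by broad hosts.
    declared = any(set(cs.get("matches", [])) & BROAD_HOSTS
                   for cs in manifest.get("content_scripts", []))
    programmatic = broad_hosts and (mv == 2 or "scripting" in perms)
    findings = {
        "has_background": bool(bg),
        "persistent_background": persistent_background,
        "observes_all_requests": observes_all_requests,
        "injects_everywhere": declared or programmatic,
    }
    # The websocket exfiltration channel leaves no manifest footprint, so the profile is
    # the three capabilities that do: resident code, traffic hooks, injection everywhere.
    findings["matches_profile"] = (findings["has_background"] and observes_all_requests
                                   and findings["injects_everywhere"])
    return findings

def audit_manifest_json(text: str) -> dict:
    """Audit the raw contents of a manifest.json file."""
    return audit_manifest(json.loads(text))

# Constructed sample manifests, not taken from any real extension.
SUSPICIOUS_MV2 = json.dumps({"manifest_version": 2, "name": "s", "version": "1.0",
    "background": {"scripts": ["bg.js"]}, "permissions": ["tabs", "webRequest", "<all_urls>"]})
BENIGN_MV3 = json.dumps({"manifest_version": 3, "name": "b", "version": "1.0",
    "action": {"default_popup": "popup.html"}, "permissions": ["storage"]})

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_MV2), ("benign", BENIGN_MV3)):
        print(label, audit_manifest_json(text))
```

A `matches_profile` hit is a triage signal, not a verdict: legitimate ad blockers and developer tools request the same set, so the next step is reading the background and content scripts.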