29 C
Mumbai
Friday, July 10, 2020
Tel: 8850717892
Content Protection by DMCA.com

CursedChrome Extensions turns Chrome into a Hacker’s Proxy

Home Security Awareness CursedChrome Extensions turns Chrome into a Hacker's Proxy
- Advertisement -

Must Read

Urban Design – A New Take on Shaping Our Cities

Urban design is concerned with the arrangement, appearance and function of our suburbs, towns and cities. It is both...

Architecture & Ecology: Chitra’s Magic

One of the most influential Architects of India, Chitra Vishwanath is known for her unique approach towards design. Her...

Cargotecture – A Beacon of Light for the Construction Industry?

Various new and exciting trends sweep the construction industry. One such is the use of shipping containers for housing...
Prashant Singh
Prashant Singh
Prashant is a student of Computer Science and Engineering at NIT Allahabad. He is also a web pentester and cybersecurity analyst. He may be an introvert and sociable person at the same time. He loves meeting new people and he is in a journey to explore himself. Currently working as a content writer at BLARROW.TECH.
Content Protection by DMCA.com
Third-party extensions have always been a threat to google chrome users. Recently, security personnel proclaimed a proof-of-concept on dangerous Chrome extensions that transforms Chrome browsers into proxy bots and allow hackers to navigate through the web using a compromised user’s connection.
The tool was developed by security researcher Matthew Bryant and is named “CursedChrome.” It is available on GitHub as an open-source project.
Internally, CursedChrome is composed of two different mechanisms:
  • A client-side component (the Chrome extension itself)
  • A server-side counterpart (control server where all CursedChrome bots report)

What is CursedChrome?

CursedChrome is a third-party browser extension tool that implants into the victim’s Chrome browsers and escalates fully-functional HTTP proxies. By using the proxies, this tool allows the attacker to browse the web authenticated as your victim for all of their websites.
A project like CursedChrome is a boon tool for hackers.

CursedChrome
Source: Matthew Bryant

Affects of CursedChrome:

Once the extension is installed on the chrome browsers, then it allows the intruder to log into the control panel and helps to build a connection between infected host. The bond within the CursedChrome extension and the control panel is a mere WebSocket connection that operates as a standard HTTP reverse proxy.
This indicates that if the attacker connects to an infected host, then, they have access to navigate through the web using the infected browser, and by doing so, they can steal session cookies which further results to log in sessions and access forbidden domains, such as intranets or enterprise apps.
Besides, CursedChrome is potentially an ideal tool for pen-testers. That’s the reason why it is backed by some of the cyber-security community, who claimed that releasing something like CursedChrome does nothing but has degraded the motto for attackers to develop their own malicious tools in the future.

Purpose of Creating CursedChrome

However, in a recent interview, Bryant said that the motive of building such a tool was to engage more participation from pentesters to develop their own innovative tools.
“I open-sourced the code because I want other professional red teamers and pen-testers to be able to simulate the ‘malicious browser-extension’ scenario accurately,” Bryant said
Talking about Red teamers, he referred them as a cyber-security professional who gets paid to break into companies. Apart, they play a very crucial role in maintaining decency and keep out all the unethical web activities.
“Open-sourcing tooling is important for red teams for the same reasons as any other job: it saves time for the teams at different companies from having to rewrite everything whenever they do a red team or pentest. It’s actually doubly important for us because pen-testers and red teamers work on extremely tight timelines,” Bryant said.
The researcher also told that CursedChrome is nothing that an attacker couldn’t have built themselves. The project works on already-existing technologies and doesn’t bring any innovation to the table.
“Similar tools such as Cobalt Strike’s ‘browser pivot’ (for Internet Explorer) and the open-source BeEF framework have existed for years, and the technical details of how to perform this attack are freely available online,” Bryant said.
Furthermore, Bryant said that he is not afraid regarding hackers breaching and misusing this tool because Weaponizing CursedChrome requires that attackers either.
  • Host the extension on Chrome’s Web Store.
  • Install it via an enterprise policy or through Chrome’s developer mode.
The first case would definitely not work out because Google may index through its “web store” and eliminate the extension if found as a threat while the second scenario requires authentication to the company’s intranet server. By this point, hacker already has full authentic control and can access everything. So the use of CursedChrome becomes useless. Isn’t it.

CursedChrome
Source: Matthew Bryant

FIX TO THIS PROBLEM.

Nowadays, most of the enterprises us more web-based tools, browser extensions are more powerful than ever. Void of any rules and installation of any malicious extension can create a loophole in the system that allows hackers to bypass firewalls. It becomes indispensable to raise awareness of just what level of access you’re granting when you install a random extension for your browser. To counter such problems, researchers have created a new web-based tool, named Chrome Galvanizer. It can be installed on all workstations. Primarily, this tool is designed for IT administrators so that they could allow or block Chrome extensions from accessing malicious URLs. Thus, in this way, even if the user installs a malicious Chrome extension, the extension won’t be able to steal user credentials within the site and web server.
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Hello Neighbour

INTRODUCTION:- The game HELLO NEIGHBOR is a Survival, Horror  Stealth game and is Developed by DYNAMIC PIXELS. The game is...
- Advertisement -

Urban Design – A New Take on Shaping Our Cities

Urban design is concerned with the arrangement, appearance and function of our suburbs, towns and cities. It is both a process and an outcome...

EvilQuest macOS Ransomware: A Smokescreen for Other Threats

The COVID-19 crisis has witnessed ample of cyberattacks. Ransomware is the most rampant threat organisations, and individuals are facing worldwide. This time threat actors...

Promethium: A “state-backed” APT Targets India

India is among the top five countries being targeted online. Most of the attacks stem from China, Russia, Pakistan, Ukraine, Vietnam and North Korea....

Can Megacities Survive the Digital Age?

An Overview: Megacities have become synonymous with economic growth since the last decade. On the one hand, the urban sprawl is accounted for the increasing...

More Articles Like This

- Advertisement -