Attackers (ab)using Google Chrome. [Research Saturday]

20:47
 
Share
 

Manage episode 285449307 series 112238
By CyberWire Inc.. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication. The code that was acquired was only partially recovered, but enough to indicate powerful features that the attackers were (ab)using in Google Chrome. The basis for this attack were malicious extensions that the attacker dropped on the compromised system.

The research can be found here:

1736 episodes