Tag Archive for: Browsers

New ChromeLoader malware surge threatens browsers worldwide



The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, making the browser hijacker a widespread threat.

ChromeLoader is a browser hijacker that can modify the victim’s web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. 

The malware’s operators receive financial gains through a system of marketing affiliation by redirecting user traffic to advertising sites.

There are many hijackers of this kind, but ChromeLoader stands out for its persistence, volume, and infection route, which involves the aggressive use of PowerShell.

Abusing PowerShell

According to Red Canary researchers, who have been following the activity of ChromeLoader since February this year, the operators of the hijacker use a malicious ISO archive file to infect their victims.

The ISO masquerades as a cracked executable for a game or commercial software, so the victims likely download it themselves from torrent or malicious sites.

The researchers have also noticed Twitter posts promoting cracked Android games and offering QR codes that lead to malware-hosting sites.

When a person double-clicks on the ISO file in Windows 10 or later, the ISO file will be mounted as a virtual CD-ROM drive. This ISO file contains an executable that pretends to be a game crack or keygen, using names like “CS_Installer.exe.”

Contents of ISO file (Red Canary)

Finally, ChromeLoader executes and decodes a PowerShell command that fetches an archive from a remote resource and loads it as a Google Chrome extension.

Once this is done, the PowerShell command removes the scheduled task, leaving Chrome infected with a silently injected extension that hijacks the browser and manipulates search engine results.

The PowerShell used against Chrome on Windows (Red Canary)

macOS targeted too

The operators of ChromeLoader also target macOS systems, looking to manipulate both Chrome and Apple’s Safari web browsers.

The infection chain on macOS is similar, but instead of ISO, the threat actors use DMG (Apple Disk Image) files, a more common format on that…


How to Test Your Browser’s Security


As your personal gateway to the internet, your web browser is the first line of defense against malicious websites. If your internet browser is not secure, viruses and spyware can infect your computer and damage your important data.

And while a good antivirus does help, it’s always better to prevent the entry of malware in the first place rather than try to fix the damage. But what exactly can you do about it? Is there any way to check your browser for any security vulnerabilities?

Let’s try to answer these questions.

Does Browser Security Even Matter?

At first glance, the idea of having to secure your Google Chrome or Mozilla Firefox browser sounds strange. After all, we all have antivirus software on our computer, so what’s the point of worrying about the browser too?

However, an antivirus can only go so far. These programs are specialized for the removal of malware and viruses, but cannot do much against dynamic online threats. Things like phishing or malicious scripts on a web page are issues for the browser to solve.

Such threats usually stem from malicious add-ons or ActiveX plugins, though the switch to HTML5 and SSL has reduced the prevalence of these security issues greatly. Nowadays, you mostly face problems by granting permissions to the wrong web pages or having an out-of-date browser with weak security features.

Best Sites to Test Your Browser’s Security

The quickest and simplest way to check your browser for vulnerabilities is to use a dedicated browser security test. These web applications verify your internet browser’s capability to deal with online threats, giving you the a-OK if everything is up to the task.

Qualys BrowserCheck

Probably the most popular browser security test of the bunch is Qualys’ BrowserCheck tool. Qualys is a well-known company involved with information security, and its browser testing tool is a great way to check your browser’s security profile.

There are two versions of the tool – a plugin that has to be installed on your browser, and a JavaScript version that can run on its own. The plugin provides a more comprehensive overview of the security features of your…


The best web browsers for 2022


Unlike choosing MacOS, Windows, or Chrome OS, where choices are mutually exclusive, switching between web browsers isn’t quite so jarring. You can download and install any browser you choose, but which is best? And which is the best web browser for privacy?

To help you decide on the best web browser, we grabbed the latest browsers and put them through their paces. Even if some of them could use a complete overhaul, these options are your best chance for a great online experience.

The best web browser: Google Chrome

Google Chrome 88

Chrome is ubiquitous — and for good reason. With a robust feature set, full Google Account integration, a thriving extension ecosystem (available through the Chrome Web Store), and a reliable suite of mobile apps, it’s easy to see why Chrome is the most popular and the best web browser.

Chrome boasts some of the most extensive mobile integration available. Served up on every major platform, keeping data in sync is easy, making browsing between multiple devices a breeze. Sign in to your Google account on one device, and all Chrome bookmarks, saved data, and preferences come right along. Even active extensions stay synchronized across devices.

Chrome’s password manager can automatically generate and recommend strong passwords when a user creates a new account on a webpage. The search bar, or Omnibox, provides “rich results” comprised of useful answers. Favorites are more accessible as well, and they’re manageable on the New Tab page.

Other updates have included a Dark Mode for Windows and MacOS, better New Tab customization and tab group creation, tab hover cards, and an in-browser warning if your password was discovered in a data breach. Android users will appreciate the Phone Hub for linking and monitoring your phone. There’s also the ability to quiet notifications so websites don’t bombard you with requests to enable in-browser notifications.

What’s the bottom line? The Google Chrome browser is fast, free, and even better-looking than before. With a thriving extension ecosystem, it’s as fully featured or as pared-down as you want it to be. Everything is right where it belongs, privacy and security controls are laid out in plain…


Social Engineering Threats Rose 270% in 2021 – Indicating a Shift to Multi-Channel Phishing Attacks as Apps and Browsers Move to the Cloud


Humans are the most vulnerable cybersecurity entry points into an organization. By moving completely to the cloud, apps and browsers are all humans need to communicate with work, family, and friends. In the Human Hacking report recently published by SlashNext Threat Labs, data shows phishing attacks rose 51% over 2020 (a record-breaking year), and 59% were credential stealing. 

As human interaction has largely moved to the cloud, cybercriminals are taking advantage of this by attacking outside of email and looking to less secure channels like SMS text, social media, gaming, collaboration tools, and search apps. Social engineering is the cybercriminal’s preferred method of hacking humans, as demonstrated in the 270% increase in social engineering threats found by SlashNext in 2021. There were many contributing factors to the increase, including one million malicious URLs in July during the Tokyo Olympics found on all digital channels, including apps and browsers.


The other contributing factor to the spike in social engineering is the 2021 LinkedIn data breach. The two data breaches at LinkedIn resulted in over one billion records being sold on the dark web, available to cybercriminals to increase spear-phishing efforts towards high-value targets. Cybercriminals are using these attacks to gain access to corporate data, which leads to 91% of all successful cyber breaches – including ransomware attacks, data theft, and over $30 billion of financial fraud.

Another trend revealed in the report is the increase in phishing on legitimate hosting infrastructure. Of the more than 14 million malicious URLs SlashNext identified in 2021, 2.5 million were spear-phishing hosted on legitimate infrastructures like AWS, Azure, outlook.com, and sharepoint.com. What is attractive about using legitimate infrastructure is the opportunity for cybercriminals to easily evade current detection technologies like secure email gateways, firewalls, and proxies.

The shifting phishing landscape, combined with cybercriminals’ access to automation, data, and intelligence, has quickly made human hacking the number one cyber threat. Previous security strategies, including secure email gateways,…
