• This devious malware hijacks key Google Chrome dev tools to steal data

    From TechnologyDaily@1337:1/100 to All on Wed Sep 6 15:45:04 2023
    This devious malware hijacks key Google Chrome dev tools to steal data

    Date:
    Wed, 06 Sep 2023 15:12:20 +0000

    Description:
    A new version of a known malware variant was spotted in the wild.

    FULL STORY ======================================================================

    Cybersecurity researchers have recently discovered a piece of malware that uses Google's DevTools Protocol to steal data from its victims.

    In a research report, Israel-based Morphisec said it observed a brand new version of malware known as Chaes.

    This new version, named Chae$ 4, comes with significant transformations and enhancements, which include new means to steal credentials, and a way to steal clipboard data.

    Running scripts

    "The malware uses Google's DevTools Protocol to connect to the current
    browser instance," the researchers said. "This protocol allows direct communication with the inner browser's functionality over WebSockets."
    Through this protocol, the attackers can run scripts, intercept network requests, read POST bodies before encryption, and more, they added.
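    One defender-side check that follows from the paragraph above, added here as an example and not code from the article or from Morphisec: Chromium-family browsers only expose the DevTools Protocol endpoint (the WebSocket or pipe the quoted text refers to) when launched with a remote-debugging flag, so a process listing in which a browser carries such a flag on a non-developer host is worth a look. The process lines below are constructed, and the browser executable names are an assumed starting list for your own fleet.

```python
import os
import re

# Chromium-family browser executables (assumed starting list; extend for your fleet).
BROWSER_NAMES = {"chrome", "chrome.exe", "chromium", "chromium-browser",
                 "msedge", "msedge.exe", "brave", "brave.exe"}

# Launch flags that expose the DevTools Protocol to other processes, either over a
# WebSocket (port/address) or over a pipe. Ordinary users almost never need them.
FLAG_RE = re.compile(r"--remote-debugging-(port|pipe|address)(?:=(\S+))?")


def exe_basename(cmdline):
    """Lower-cased executable name from a command line (handles quoted Windows paths)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        exe = cmdline[1:cmdline.find('"', 1)]
    else:
        exe = cmdline.split()[0]
    return os.path.basename(exe.replace("\\", "/")).lower()


def find_cdp_exposed_browsers(process_lines):
    """Each line is '<pid> <command line>'. Returns [(pid, exe, {flag: value})] for
    browser processes started with a remote-debugging flag."""
    findings = []
    for line in process_lines:
        line = line.strip()
        if not line or not line[0].isdigit():
            continue  # skip header and blank lines
        pid_str, _, cmdline = line.partition(" ")
        exe = exe_basename(cmdline)
        if exe not in BROWSER_NAMES:
            continue  # a debugger flag on node/python etc. is a different story
        flags = {m.group(1): m.group(2) for m in FLAG_RE.finditer(cmdline)}
        if flags:
            findings.append((int(pid_str), exe, flags))
    return findings


# Constructed sample process listing ('pid command'), not real telemetry.
SAMPLE_PROCESSES = [
    "PID COMMAND",
    "1021 /opt/google/chrome/chrome --profile-directory=Default",
    "1377 /opt/google/chrome/chrome --remote-debugging-port=9222 --user-data-dir=/tmp/.x",
    "2202 /usr/bin/python3 /tmp/.cache/loader.py",
    '2310 "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-pipe',
    "2400 /usr/bin/node server.js --remote-debugging-port=9229",
]

if __name__ == "__main__":
    for pid, exe, flags in find_cdp_exposed_browsers(SAMPLE_PROCESSES):
        print(f"pid {pid}: {exe} launched with DevTools Protocol exposed: {flags}")
```

    Feed it the output of `ps -eo pid,args` or an EDR process export; a hit is a lead to triage (which process started the browser, and what is connected to the port or pipe), not a verdict on its own.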

    Chaes is hardly new. It's been around for years, with first observations being recorded in 2020. Since then, it has lived through numerous changes and upgrades, with the latest one also being the biggest one: "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol," Morphisec said.

    Chaes operators, going by the name Lucifer, mostly target organizations in the banking and logistics industries, located in Latin America. Most of their targets are Brazilian.

    To infect their targets' endpoints, the attackers would first compromise a website and install a pop-up which would have the visitors download an installer for Java Runtime or an antivirus. This, in fact, would deliver a malicious MSI file, launching the first module for Chaes. It's this module
    that later downloads additional payloads, depending on the attackers' plans. Some modules steal extensive information about the victim's device, others can steal credentials stored in the browser. Some can intercept financial
    payments (both fiat and crypto), and some can upload various sensitive data
    to the threat actors' C2.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-malware-hijacks-key-google-chrome-dev-tools-to-steal-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)