The new “Syncjacking” cyber attack from the browser allows hackers to take control of your computer via Chrome

Hackers have discovered a new way to take remote control of your computer, all through the Google Chrome web browser.

A report by the cybersecurity company SquareX lays out the new multifaceted cyber attack, which the company has dubbed “browser syncjacking.”

Chrome profile takeover

At the heart of the attack is an element of social engineering, because the malicious actor must first convince the user to download a Chrome extension. The extension is generally disguised as a useful tool that can be downloaded from the official Chrome store. It requests minimal permissions, further cementing its perceived legitimacy to the user. According to SquareX, the extension generally works as advertised, in order to further disguise the source of the attack from the user.

Meanwhile, secretly in the background, the Chrome extension connects to a managed Google Workspace profile that the attacker has set up in advance. With the user now unknowingly signed in to a managed profile, the attacker sends the user to a legitimate Google support page, into which the Chrome extension injects modified content telling the user that they need to sync their profile.

When the user agrees to the sync, they unwittingly send all of their local browser data, such as saved passwords, browsing history and autofill information, to the attacker's managed profile. The attacker can then sign in to this managed profile on their own device and access all of that sensitive information.

Chrome browser takeover

The attack up to this point already gives the hacker enough material to commit fraud and other illicit activities. However, browser syncjacking gives the hacker the ability to go even further.

Using the teleconferencing platform Zoom as an example, SquareX explains that, using the malicious Chrome extension, the attacker can send the victim to an official but modified Zoom web page that urges the user to install an update. However, the download offered on that page is actually an executable file that installs a Chrome browser enrollment token from the hacker's Google Workspace.

After that, the hacker has access to additional capabilities and can reach the user's Google Drive, clipboard, emails and more.

Device takeover

The browser syncjacking attack does not stop there. The hacker can take one further step to take over not only the victim's Chrome profile and Chrome browser, but also their entire device.

Through that same illicit download, such as the Zoom update installer example used previously, the attacker can inject a “registry entry to message native apps” by weaponizing Chrome's Native Messaging protocol. In doing so, the attacker essentially establishes a connection “between the malicious extension and the local binary.” Basically, this creates a flow of information between the hacker's Chrome extension and your computer. Using this, the hacker can send commands to your device.

What can the hacker do from here? Pretty much anything they want. The attacker will have full access to the user's computer files and settings. They can create backdoors into the system. They can steal data such as passwords, cryptocurrency wallets, cookies and more. In addition, they can track the user by controlling their webcam, taking screenshots, recording audio and monitoring all input on the device.

As you can see, browser syncjacking is almost completely unrecognizable as an attack to most users. For now, the most important thing you can do to protect yourself from such a cyber attack is to be aware of what you download and to install only trusted Chrome extensions.
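The two artifacts described above, the Chrome enrollment token and the Native Messaging registry entry, can be checked for on a Windows machine. The following is an added example, not code from SquareX or the original article: a Python audit over `reg export` style text, using the registry locations Chrome documents for the `CloudManagementEnrollmentToken` policy and for Native Messaging hosts. The sample registry text, manifest, host name, paths and extension IDs are constructed, and the approved-extension list is an assumption you would replace with your own.

```python
import json

# Registry locations Chrome reads on Windows (lower-cased for comparison).
POLICY_KEY = r"software\policies\google\chrome"
TOKEN_VALUE = "CloudManagementEnrollmentToken"
HOSTS_KEY = "software\\google\\chrome\\nativemessaginghosts\\"

def parse_reg_export(text):
    """Parse `reg export` style text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            current[name] = data.strip('"').replace("\\\\", "\\")
    return keys

def audit(reg_text, manifests, managed_expected, approved_ids):
    """Flag enrollment tokens and native messaging hosts nobody approved."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        subkey = key.partition("\\")[2].lower()  # drop the hive name
        if subkey == POLICY_KEY and TOKEN_VALUE in values and not managed_expected:
            findings.append(("unexpected-enrollment-token", key))
        elif subkey.startswith(HOSTS_KEY):
            host = subkey[len(HOSTS_KEY):]
            raw = manifests.get(values.get("(Default)", ""))
            if raw is None:  # registered host whose manifest was not collected
                findings.append(("manifest-missing", host))
            manifest = json.loads(raw or "{}")
            for origin in manifest.get("allowed_origins", []):
                ext_id = origin.split("://", 1)[-1].rstrip("/")
                if ext_id not in approved_ids:
                    findings.append(("unapproved-origin", host, ext_id, manifest.get("path")))
    return findings

# Constructed sample: an unmanaged PC where only extension "aaa...a" is approved.
APPROVED = {"a" * 32}
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"CloudManagementEnrollmentToken"="00000000-placeholder-token"
[HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\com.example.updater]
@="C:\\Users\\demo\\updater.json"
'''
SAMPLE_MANIFESTS = {r"C:\Users\demo\updater.json": json.dumps({
    "name": "com.example.updater", "type": "stdio", "path": r"C:\Users\demo\updater.exe",
    "allowed_origins": ["chrome-extension://" + "b" * 32 + "/"]})}
print(audit(SAMPLE_REG, SAMPLE_MANIFESTS, False, APPROVED))
```

On a machine that is not supposed to be enrolled in any organization, an enrollment token under the policy key is the finding to act on first; the native messaging finding names the local binary the extension can talk to.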
