Researchers have discovered that Google Chrome's Application Mode could be abused for phishing.
Used to give ChromeOS users a clean, minimal interface for certain websites such as YouTube, Application Mode opens a new browser window without the address bar, toolbars, or other familiar elements; even the taskbar shows the website favicon instead of the Chrome icon.
But this mode can be abused, cybersecurity researcher Mr.d0x found. If an attacker manages to persuade a user to run a Windows shortcut that opens a phishing URL with Chromium's Application Mode feature, the user will only see what looks like the login form for an app. In reality, though, it may be a phishing page that steals people's login data.
Shortcut files
Ever since Microsoft moved to kill malicious Office files, cybercriminals have been pivoting towards Windows shortcut files (.LNK).
Cybersecurity experts have since uncovered numerous attack campaigns that successfully leveraged .LNK files to deliver all kinds of viruses and malware, from QBot to BazarLoader, to anything in between.
Explaining this new potential method, Mr.d0x says an attacker could use a shortcut file to launch a phishing “applet” on the victim’s endpoint:
For Chrome:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com
For Microsoft Edge:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://example.com
There are several ways to abuse this flaw, Mr.d0x added, including gaining access to the target machine, using a portable HTML file with the “--app” parameter embedded, or using the Browser-in-the-Browser technique to add a fake address bar. Finally, the attack can also be pulled off on macOS and Linux devices, he said.
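On the detection side, the launch pattern above is visible in process-creation command lines. The following is an added example, not code from Mr.d0x or BleepingComputer: it flags chrome.exe or msedge.exe started with --app= when the target is not on an allowlist. The allowlist host, function names and sample command lines are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Browser images named on the page (Windows builds of Chrome and Edge).
BROWSERS = {"chrome.exe", "msedge.exe"}
# Constructed allowlist: hosts the organisation really deploys in app mode.
ALLOWED_APP_HOSTS = {"intranet.example.com"}
IMAGE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
# Matches --app=<target> only; the trailing "=" keeps --app-id= out.
APP_FLAG = re.compile(r'--app=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def classify(cmdline):
    """Return a finding dict for a suspicious app-mode launch, else None."""
    image = IMAGE.match(cmdline)
    if not image:
        return None
    exe = ntpath.basename(image.group(1) or image.group(2)).lower()
    flag = APP_FLAG.search(cmdline, image.end())
    if exe not in BROWSERS or not flag:
        return None
    target = flag.group(1) or flag.group(2) or ""
    try:
        parts = urlsplit(target)
        scheme, host = parts.scheme, (parts.hostname or "").lower()
    except ValueError:  # malformed URL: report it rather than drop it
        scheme, host = "", ""
    if scheme in ("http", "https"):
        if host in ALLOWED_APP_HOSTS:
            return None
        reason = "unlisted-host"
    else:
        reason = "non-web-target"  # file://, data:, or a local path
    return {"image": exe, "target": target, "reason": reason}

def scan(cmdlines):
    return [f for f in map(classify, cmdlines) if f]

# Constructed process-creation command lines (not real telemetry).
SAMPLE = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://intranet.example.com/portal',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app="file:///C:/Users/Public/login.html"',
    r'C:\Windows\System32\notepad.exe --app=https://example.com',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same check can be fed from any source that records the full command line of new processes, such as Sysmon process-creation events.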
Via BleepingComputer