SEE: Cyber Security Volume I: Hackers Exposed (TechRepublic Academy)Īs with all phishing-based attacks, the key to being protected lies in not clicking the link. It saves it to a file and transmits stolen data to a command and control server–information like usernames, passwords, credit card numbers … anything you type in your browser. Once installed, Catch-All goes to work harvesting every single thing a victim types into Chrome. It also tweaks Chrome to disable user approval for script injection, permanently allow all extensions, and disable SafeBrowsing protections. It then modifies any Chrome launcher file to ensure that Catch-All is loaded when the browser is started up. SEE: Want to improve cybersecurity? Try phishing your own employees (TechRepublic)Īs a final step, the malware installer attempts to disable Windows Firewall and terminate all Chrome processes. Only about 3% of the binaries contain actual code–the rest are just no-op code that Marinho speculates is there to trick antivirus software, which often skips scanning large files. The installer masquerades as an Adobe Acrobat installer, which actually installs a dropper, which in turn downloads incredibly bloated binaries that are about 200MB each. When the victim clicks on a link to the photos they’re instead prompted to download WhatsApp.exe, which is actually an installer for the Catch-All extension. Another day, another phishing attackĬatch-All spreads via a phishing attack telling the recipient that someone has sent them photos through WhatsApp. The previous two targeted customers of specific banks, but this latest extension is targeting everyone, making it very dangerous. Renato Marinho, chief research officer at Morphus Labs, says Catch-All isn’t alone either–in fact it’s the third one he’s written about since August. How to secure your email via encryption, password management and more (TechRepublic Premium) How to improve security awareness and training for your employees Must-read security coverageĨ5% of Android users are concerned about privacyĪlmost 2,000 data breaches reported for the first half of 2022 It has only been discovered in Brazil thus far, but it has the potential to do a lot of damage if it spreads. A malicious new Chrome extension has been discovered, and it’s a serious security risk.Ĭapable of capturing everything a victim types into an infected Chrome browser, Catch-All is spreading through email phishing attacks.
0 kommentar(er)
