Google Chrome: Hackers can use its Sync Feature to send commands to infected browsers and steal data

Bojan Zdrnja, a cybersecurity researcher from Croatia, recently discovered a malicious Google Chrome extension in the wild that abuses the Chrome Sync process and may help hackers steal users' data. Attackers can use Chrome Sync to send commands to infected browsers and steal data from the infected systems, bypassing firewalls and other defences.

In his research, Zdrnja found a malicious Chrome extension that can communicate with a remote command and control (C&C) server and exfiltrate data from infected browsers, ZDNet has reported.

Chrome Sync is an important feature of the Chrome web browser that stores copies of users' Chrome bookmarks, passwords, browsing history, and browser and extension settings on Google's cloud servers.

The goal was to use the extension to “manipulate data in an internal web application that the victim had access to,” says Bojan Zdrnja. And again: “While they also wanted to extend their access, they actually limited activities on this workstation to those related to web applications which explains why they dropped only the malicious Chrome extension, and not any other binaries,” says the researcher in the report.

Notably, the basis for this attack was malicious extensions that the attacker(s) dropped on the compromised system. Zdrnja adds: “Now, malicious extensions are nothing new – there was a lot of analysis about such extensions and Google regularly removes dozens of them from Chrome Web Store, which is the place to go to in order to download extensions.”