New attack on Google Chrome steals user passwords and controls PC

Browser Syncacking: This is the name of a new attack that uses Fake Google Chrome extensions to steal identity information and precise information from infected devices.

The method discovered at the end of January 2025 has emerged by researchers at the Squarex Cyber ​​Security Company and has the potential to harm the digital life of thousands of chromium users who often use extensions.

This method has several action steps: Google begins to play profile identity information, then seizes the scanner’s control and ends with full access to the victim’s computer. One of the most worrying points is that the victim has almost no interaction to allow malicious work, only the extension installation.

Modus Operandi

The trace of this attack begins with a cyber offense that contains various user profiles, which contains various user profiles and develops a malicious Google working area without activating the second Identity Factory of these accounts.

With this study, a false chromium extension that attracts the attention of the victims is created and published in the Chrome Web Store. A question on the computer, the sacrifice quietly logged in the Google Workspace criminal.

“Using various social engineering techniques, the user finds the malicious extension in the Chrome store,” he says.

“When it sees that this extension has only more popular extensions such as grammar and zoom, the victim sets up the extension of the sacrifice. The extension provides the functionality it promises and further eliminates the suspicion that the extension is malicious. Over time, when the victim returns to his daily routine, the presence of extension is in the background. The extension is connected to the field of the invader, recovers the identity information, and finalizes the relevant Oauth steps to save the victim to one of the created user accounts.

The penal program continues its action by injecting a legitimate Google support page (abuse of reading and recording privileges): the user asks the chrome to synchronize.

Finally, with synchronized chrome, cybercriminos can reach stored data, passwords, past, e -mails, and climbing other attacks that make up the theft of issues listed below.

• Files stored on Google Drive/One Drive
• Any information copied to the device transfer field
• All user login, including passwords and financial information
• Reduce users for malicious pages
• Silently verify third -party access to corporate applications
• Malicious Extensions
• Access File Systems
• Change Systems
• Capture Key pressures, save the sound from the microphone, access the webcam, catch screen, watch the content of the transfer area and watch the form posts in all browsers
• Remote the device

“Unlike previous extension attacks, including detailed social engineering, the researchers now need only the minimum permissions and a small stage of social engineering, almost without the user interaction to realize this attack,” he says. “There is no real visual indication that a browser has been kidnapped unless the victim is extremely paranoid in terms of security and is not experienced enough to stroll in chrome configurations for chrome configurations for technically managed browser labels.”

Bleeping computer, which first reported the situation, contacted Google and did not receive an answer.

Such cases strengthen needs such as antiviruses that help us on the Internet. There are a few interesting solutions on the market – and even free of charge. These include Avast, Kaspersky, Eset, Malwarebytes and other software.