A naukri.com initiative
Tech Radar
2d
314
Image Credit: Tech Radar
Hackers are using Google.com to deliver malware by bypassing antivirus software. Here's how to stay safe
- A new browser-based malware campaign uses Google.com to bypass antivirus defenses.
- The malware is activated during checkout, posing a threat to online payments.
- The malicious script opens a WebSocket connection for remote control, unnoticed by users.
- The attack originates from a compromised ecommerce site referencing a Google OAuth logout URL.
- The script decodes and executes a JavaScript payload under specific conditions.
- Because the script loads from a trusted Google domain, many security filters allow it through.
- The malware dynamically executes payloads using base64 encoding and JavaScript's Function constructor.
- Attackers can run code in real-time in the browser, evading detection by top antivirus programs.
- The malware's obfuscated logic and activation conditions make it hard to detect even for advanced tools.
- Antivirus apps may not flag JavaScript payloads delivered through legitimate OAuth flows.
- Enterprise security tools may struggle to detect this activity if they rely on domain reputation.
- Basic precautions like limiting third-party scripts and monitoring unexpected behaviors can reduce risk.
- Advanced users and cybersecurity teams may use content inspection proxies for anomaly detection.
- Separating browser sessions for financial transactions could help increase security.
- The attack highlights the need to stay vigilant and take steps to enhance browser security.
- The article provides insights on how attackers are exploiting trusted domains to deliver malware and offers tips on staying safe.
Read Full Article
18 Likes
For uninterrupted reading, download the app