Google Chrome users on Windows should immediately disable automatic downloads in the browser to protect their authentication data from a newly discovered threat.
Any file that Google Chrome users download is transferred automatically to the default download folder once it passes Google's Safe Browsing checks.
The new attack, described in detail on the Defense queues website, combines Google Chrome's automatic download behavior with Windows Explorer shell script files that have the .scf file extension.
The malicious script is a plain-text file that contains instructions and a limited set of commands. What is interesting is that it can load resources from a remote server.
An even bigger problem is that Windows processes these files as soon as you open the folder they are stored in, and that Windows Explorer shows them without their extension regardless of its settings. This means that attackers could easily hide the file behind a disguised file name, such as one that appears to end in .jpg.
Attackers point the icon at a location on an SMB server. The server then asks for authentication, and the system provides it. Researchers note that cracking the password is child's play unless it is a complex one.
The situation is even worse for Windows 8 or 10 users who authenticate with a Microsoft account, as the account will give the attacker access to online services such as Outlook, OneDrive or Office 365, if the user uses them. There is also the possibility that the password is reused on non-Microsoft sites.
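A defender can audit a download folder for the files described above. The following is an added example, not code from the original article or the researchers: it lists every .scf file regardless of how its name is disguised and reports any value, such as the `IconFile` icon location, that points at a remote server. The function names and the host `files.example.test` are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Constructed sample (not from the original article): an .scf file whose icon
# is referenced on a remote SMB share. Host and share names are placeholders.
SAMPLE_SCF = (
    "[Shell]\n"
    r"IconFile=\\files.example.test\share\icon.ico" "\n"
    "[Taskbar]\n"
    "Command=ToggleDesktop\n"
)

# A value that starts with \\host or //host is a UNC path, i.e. a remote server.
UNC_VALUE = re.compile(r"^\s*(?:\\\\|//)[^\\/\s]+")

def decode(raw: bytes) -> str:
    """Decode file content, handling UTF-16 and UTF-8 byte-order marks."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def remote_references(text: str) -> list:
    """Return (key, value) pairs whose value points at a remote host."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and UNC_VALUE.match(value):
            hits.append((key.strip(), value.strip()))
    return hits

def scan_folder(folder) -> dict:
    """Report every .scf file under folder, matching the extension case-insensitively."""
    findings = {}
    for path in Path(folder).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            findings[path.name] = {
                "remote_refs": remote_references(decode(path.read_bytes())),
                # Explorer hides ".scf", so "photo.jpg.scf" is shown as "photo.jpg".
                "disguised_as": Path(path.stem).suffix.lower() or None,
            }
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for name, finding in scan_folder(target).items():
        print(name, finding)
```

Run it with a folder path as the only argument; without one it scans the current user's Downloads folder.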