Google Chrome users on Windows should immediately disable automatic downloads in the browser to protect their authentication data from a newly discovered threat.
The Chrome browser is currently the most popular browser on desktop devices. By default, it is configured to automatically download safe files to the user's system without a prompt.
Any file that Google Chrome users download passes through Google's Safe Browsing checks and is then transferred automatically to the default download folder.
The new attack, detailed on the Defense Code website, combines Google Chrome's auto-download behavior with Windows Explorer Shell Command Files, which have the .scf file extension.
The malicious script comes in the form of plain text that includes instructions and limited commands. What is interesting is that it can load resources from a remote server.
The biggest problem is that Windows processes these files as soon as you open the folder where they are stored, and that these files appear without their extension in Windows Explorer regardless of the settings. This means that attackers could easily hide the file behind a disguised file name, such as .jpg.
Attackers use an SMB server location for the icon. The server then requests authentication, and the system provides it. The researchers note that cracking the passwords is no longer a game, unless the password is of a complex kind.
The situation is even worse for Windows 8 or 10 users who authenticate with a Microsoft account, as the account will provide the attacker with access to online services such as Outlook, OneDrive, or Office 365 if the user uses them. There is also the possibility that the password is reused on sites that are not owned by Microsoft.
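A defender's check for the behavior described above, as an added example that is not from the original article or from the researchers: it scans a folder, such as the default download folder, for .scf files whose icon entry points to another host. The `IconFile` key name is not given in the article, and the sample file contents and the host `files.example.invalid` are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# IconFile values that make Explorer fetch from another host: UNC paths
# (\\host\share or //host/share) and URL-style locations.
REMOTE = re.compile(r'^\s*"?(\\\\|//|[a-z][a-z0-9+.-]*://)', re.I)
ICON_LINE = re.compile(r'^[ \t]*IconFile[ \t]*=[ \t]*(.+?)[ \t\r]*$', re.I | re.M)

def decode(raw: bytes) -> str:
    """Decode file bytes, honouring a UTF-16 BOM if one is present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def remote_icon_targets(text: str) -> list[str]:
    """Return every IconFile value in an .scf body that points off-host."""
    return [v for v in ICON_LINE.findall(text) if REMOTE.match(v)]

def scan_folder(folder) -> dict[str, list[str]]:
    """Map each .scf file under folder to its remote IconFile values."""
    hits = {}
    for path in Path(folder).rglob("*"):
        # Match on the real suffix: Explorer hides it, the file system does not.
        if path.is_file() and path.suffix.lower() == ".scf":
            targets = remote_icon_targets(decode(path.read_bytes()))
            if targets:
                hits[path.name] = targets
    return hits

# Constructed samples (placeholder host, not taken from the article).
SAMPLE_REMOTE = "[Shell]\r\nIconFile=\\\\files.example.invalid\\share\\icon.ico\r\n"
SAMPLE_LOCAL = "[Shell]\r\nCommand=2\r\nIconFile=explorer.exe,3\r\n"

def demo() -> dict[str, list[str]]:
    """Scan a temporary folder holding one remote, one local and one non-.scf file."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "holiday.jpg.scf").write_bytes(SAMPLE_REMOTE.encode("utf-16"))
        Path(d, "desktop.scf").write_text(SAMPLE_LOCAL)
        Path(d, "notes.txt").write_text(SAMPLE_REMOTE)
        return scan_folder(d)

if __name__ == "__main__":
    for name, targets in demo().items():
        print(name, "->", targets)
```

To check a real folder, call `scan_folder` with its path; any file it reports should be removed without opening the folder in Windows Explorer first.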