Google Chrome users on Windows should immediately disable automatic downloads in the browser to protect their authentication data from a newly discovered threat.
The Chrome browser is currently the most popular browser on desktop devices. By default, it is configured to download files it considers safe to the user's system automatically, without prompting.
Any file downloaded by Google Chrome users that passes Google's Safe Browsing checks is automatically saved to the default downloads folder.
The new attack, detailed on the Defense Code website, combines Google Chrome's auto-download behavior with Windows Explorer Shell Command Files, which have the .scf file extension.
The malicious file is plain text that contains instructions and a limited set of commands. What's interesting is that it can load resources from a remote server.
The biggest problem is that Windows processes these files as soon as you open the folder where they are stored, and that these files appear without their extension in Windows Explorer regardless of the settings. This means that attackers could easily hide the file behind a misleading file name, such as one that appears to be a .jpg.
Attackers use an SMB server location for the icon. The server then asks for authentication, and the system provides it. Researchers note that from there, cracking the password is game over unless it is a complex one.
The situation is even worse for Windows 8 or 10 users who authenticate with a Microsoft account, as the account will give the attacker access to online services such as Outlook, OneDrive or Office 365 if the user uses them. There is also the possibility that the password is reused on non-Microsoft websites.
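A defender-side check for the behavior described above, added here as an example and not taken from the researchers' write-up: it scans a folder for files whose real extension is .scf, since Explorer hides it, and reports any setting that points at a UNC (SMB) location. The host `fileserver.example`, the file names and the sample file contents are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# A value starting with \\host\ or //host/ is a remote (UNC/SMB) location.
UNC_RE = re.compile(r'^[\\/]{2}[^\\/\s]+[\\/]')

def decode_text(raw: bytes) -> str:
    """SCF files are plain text; honour a UTF-16 BOM, otherwise decode leniently."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def remote_references(text: str):
    """Return (key, value) pairs whose value points at a UNC location."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue  # skip blank lines, section headers and comments
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip('"')
        if UNC_RE.match(value):
            hits.append((key, value))
    return hits

def scan_folder(folder):
    """Map each .scf file under folder (matched on its real suffix) to its remote references."""
    findings = {}
    for path in Path(folder).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            hits = remote_references(decode_text(path.read_bytes()))
            if hits:
                findings[path.name] = hits
    return findings

# Constructed sample files: a disguised .scf, a benign local one, and a non-.scf file.
SAMPLES = {
    "holiday.jpg.scf": "[Shell]\r\nIconFile=\\\\fileserver.example\\share\\icon.ico\r\n",
    "desktop.scf": "[Shell]\r\nIconFile=C:\\Windows\\explorer.exe,3\r\n",
    "notes.txt": "see \\\\fileserver.example\\share\r\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_bytes(body.encode("utf-8"))
        return scan_folder(tmp)

if __name__ == "__main__":
    print(demo())
```

To check a real profile, call `scan_folder` on the browser's download directory; any hit is worth quarantining without opening the folder in Explorer.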