Wednesday, October 9, 2024
HomeComputer SecurityHackers Exploit Google Chrome Zero-day using Weaponized PDF - If PDF Viewed...

Hackers Exploit Google Chrome Zero-day using Weaponized PDF – If PDF Viewed in Chrome

Published on

Researchers discovered a new malicious PDF sample that has an ability to exploit the Google Chrome zero-day flaw when victims using Chrome as local PDF viewer.

Attackers spreading this weaponized PDF intended to exploit the Chrome zero-day vulnerability to track the users and collect some user’s information when they open this malicious PDF in chrome browser.

Initially, this sample detected by the EdgeSpot and its act as a legitimate PDF with no malicious activities when it opened popular Adobe Reader .

- Advertisement - EHA

But the same sample open via Chrome browser locally then it immediate establish the suspicious outbound traffic and also the engine detected as s “POTENTIAL ZERO-DAY ATTACK (Google Chrome), PERSONAL INFORMATION LEAKAGE.

Later moment, researchers focused on the traffic in the background and observed that the stolen data being sent to the domain “readnotify.com” without any further user interaction.


Sample looks like opened in Google Chrome

According to Edgespot research, HTTP packet, following information of the user may be collected by the malicious sender:

  • The public IP address of the user.
  • OS, Chrome version etc (in HTTP POST header).
  • The full path of the PDF file on user’s computer (in HTTP POST payload).

In terms of special artifacts, this sample malicious PDF affects Google Chrome (as local PDF viewer), not Adobe Reader.

Apart from NTLM , it also stealing the OS information and the stored file of the local disk.

The sample PDF exploit contains the suspicious PDF Javascript code in stream-1 that eventually deobfuscated the code to call the API (“this.submitForm()” ).

This serious flaw reported to Google on December, 2018 and the Google responded that the patch will be released on April security update.

In this case, users suggested using alternative PDF reader application for viewing received PDF documents locally until Chrome fixes the issue, or disconnect a computer from the Internet when open PDF documents in Chrome.

Learn :

Some of The malicious PDF Samples that exploit This Chrome Zero-day :

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

PassProtect – Google Chrome Plugin Tell You If your Password has Been Breached

Google Chrome Extension that Steals all Data Posted by Users on any Websites

Google Chrome to Show Not Secure For HTTP Sites and Fix for 42 Security Issues

Microsoft Bing Delivered Dangerous Malware When You Try to Download Google Chrome

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Google Blocked Malicious Sideloading Apps for Indian Users

Google has launched a pilot program to block malicious sideloading apps. This initiative is...