Sunday, September 8, 2024

SymStealer Vulnerability Let Attacker Steal Login Credentials from Google Chrome


The SymStealer vulnerability CVE-2022-3656, newly disclosed by the Imperva Red Team, affects over 2.5 billion users of Google Chrome and Chromium-based browsers. Reports say sensitive files, including cloud provider user credentials and crypto wallets, might have been stolen due to this flaw.

Chrome has a market share of 65.52%, making it the most popular browser. Chromium, the open-source variant of Chrome, is the foundation of two additional top-6 browsers, Edge and Opera, increasing Chromium’s market share to over 70%.

Details of SymStealer Vulnerability

Imperva researchers named the bug SymStealer. The problem arises when an attacker uses the file system to get around program restrictions and access unauthorized files.


Imperva’s analysis revealed that when a user drags and drops a folder directly onto a file input element, the browser recursively resolves all symlinks without displaying a warning.

“During our testing, we found that when you drop a file or folder onto a file input, it’s handled differently. Symbolic links are processed, recursively resolved, and there’s no extra warning or confirmation for the user,” the Imperva Red Team said.

A symlink, also known as a symbolic link, is a type of file that points to another file or directory. This lets the operating system handle the linked file or directory as if it were actually located where the symlink is.

Shortcuts, rerouting file paths, and more flexible file organization can all be accomplished using this.

A malicious website could trick the user into creating a new wallet by requesting that they download their “recovery” keys.

In reality, these keys would be a zip file with a symlink to a sensitive file or folder on the user’s computer, like cloud provider credentials. 

The symlink would be activated and the attacker would have access to the sensitive file after the victim unzips and uploads the “recovery” keys back to the website. 

The website may be made to look authentic, and the process of obtaining and uploading the “recovery” keys could seem routine, so the user might not even be aware that anything is wrong.

To access their accounts, customers of many online services, including crypto wallets, must download “recovery” keys.

“The attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user’s computer,” explain the researchers.

The size of the file input element was modified by Imperva researchers using CSS so that the file uploads regardless of where the folder is dropped on the page.

Final Word

Hackers frequently utilize software flaws, like the one recently publicly disclosed, to get access to cryptocurrency wallets and steal the money they contain.

To secure your cryptocurrency assets, it’s crucial to keep your software updated and to avoid downloading files or clicking on links from untrusted sources.

A hardware wallet is another smart choice for storing your cryptocurrency because it is not connected to the internet, making it less susceptible to hacking attacks.

Researchers recommend using a password manager to create secure, unique passwords for your crypto accounts; turning on two-factor authentication is also essential.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
