chrome Archives

Hackers have designed fake Google Meet error pages to distribute info-stealing malware which can compromise all the data on a network.

It feels as though malicious websites are springing up on a daily basis, and with 12.8 million websites infected with malware, this is a fair assumption to make. The latest attack under the Ophtek spotlight centers around Google Meet, a videoconferencing service hosted online by Google. The threat uses fake connectivity errors to lure victims into inadvertently launching the malware on their own system. And with Google Meet having over 300 million active users every month, the chance of this campaign tripping people up is exceptionally high.

The Danger of Fake Google Meet Pages

Google Meet attack appears to be part of a wider hacking campaign known as ClickFix, which has also been identified using similar fake websites impersonating Google Chrome and Facebook. In all these cases, the objective of the campaign is to install info stealers onto infected PCs. Malware used in these attacks include DarkGate and Lumma Stealer.

Fake error messages are displayed in the web browsers of victims to indicate a connectivity issue with a Google Meet call. However, there is no Google Meet call taking place, it’s simply a ruse to deceive victims into following through on a malicious call-to-action. These ‘errors’ recommend copying a ‘fix’ and then running it in Windows PowerShell, an app commonly used to automate processes on a Microsoft system.

Unfortunately, rather than fixing the ‘error’ with Google Meet, the execution of this code within PowerShell simply downloads and installs the malware. Once installed, malware such as DarkGate and Lumma Stealer has the potential to search out sensitive data on your network, establish remote network connections, and transmit stolen data out of your network.

Victims are redirected to these malicious websites via phishing emails, which claim to contain instructions for joining important virtual meetings and webinars. The URLs used within the emails appear like genuine Google Meet links but take advantage of slight differences in the address to deceive recipients.

Protecting Yourself from Fake Google Meet Malware

The best way to stay safe in the face of the fake Google Meet pages (and similar attacks) is by being proactive and educating your staff on the threats of malicious websites. Accordingly, following these best practices gives you the best chance of securing your IT infrastructure:

Double Check URLs: malicious websites often mimic genuine ones to catch people off guard. Therefore, always verify any URL for anything unusual such as misspelled words or lengthened and unusual domain endings, before clicking them. This will minimize your risk of falling victim to phishing and malware attacks.
Use Browser Security Features: many browsers, such as Google Chrome, come with built-in security features which can block sites known to be harmful or detect suspicious downloads. If you have these protections enabled, and this is easily done through your browser settings, you can rest assured you’re putting a strong security measure in place.
Install Antivirus and Firewall Software: one of the simplest way to protect yourself is by installing antivirus and firewall software, which is often available for free in the form of AVG and Kaspersky. This software can not only detect malware, but also block it before it reaches your system, so it can be considered a very strong form of defense.

For more ways to secure and optimize your business technology, contact your local IT profes sionals.

There’s nothing worse that a new and innovative malware approach, but that’s exactly what Google users have been exposed to.

This latest attack takes advantage of Google’s kiosk mode. For those of you not familiar with kiosk mode, here’s a quick breakdown: it’s a Chrome browser mode which limits devices to use only one specific app or function, perfect for public or business use. It protects devices by locking access to the rest of the device away. Typically, they can be seen in staff sign-in devices or on devices which provide access to in-person catalogues. And hackers are now exploiting kiosk mode to launch data harvesting malware.

Understanding the Google Kiosk Attack

OALABS security researchers have revealed how the attack unfolds, so we’re going to walk you through the nefarious activity and processes. Initially starting with the execution of, in the majority of cases, the Amadey malware, the attack starts with Amadey scanning the device for available browsers. Once it finds, for example, Chrome, Amadey will launch the browser in kiosk mode and direct it to a legitimate, yet compromised URL.

Cleverly, Amadey ensures that both the F11 and Escape keys are disabled, making it difficult for victims to close kiosk mode down in an instant. It’s also particularly tricky, for users, as kiosk mode tends to run in full-screen mode, meaning typical browser features such as navigation buttons and toolbars are absent. Users, therefore, are severely restricted in what actions they can take while locked in kiosk mode.

The URL, which launches in kiosk mode, is a genuine ‘change password’ page for Google credentials. However, in the background, Amadey has launched StealC, an information stealer which will then harvest the inputted credentials and forward them to the hackers. The attack is a frustrating one, and one where the hackers hope this frustration will lead to victims entering their login credentials in sheer desperation.

How Do You Escape Kiosk Mode and Stay Safe?

If you find yourself stuck in kiosk mode, there’s a risk that you could be under attack. Luckily, there are a number of measures you can take to nullify the threat:

Use Hotkey Combos: while the F11 and Escape keys may be disabled, other hotkey combos can be used to escape kiosk mode. By trying ‘Alt + F4’, ‘Alt + Tab’, and ‘Ctrl + Alt + Delete’, you may be able to break out of kiosk mode and return to your desktop. Additionally, you can hold down ‘Win Key + R’ to open Windows command prompt where you can type ‘cmd’ and then close down Chrome by typing the following command ‘taskkill /IM chrome.exe /F.’

Perform a Hard Reset: Drastic times often call for drastic measures, so that’s why a hard reset may be your best option here. Simply hold down the power button on your device, usually for five seconds, until it shuts down. You will lose any unsaved work, but it does buy you some breathing time to rescue your device.

Run an Anti-Virus in Safe Mode: Once you’ve escaped kiosk mode, it’s important to remove the initial threat from your device. You can do this by restarting your PC and entering Safe Mode – usually by pressing F8 during the bootup process – and then running anti-virus software such as AVG or Malwarebytes.

For more ways to secure and optimize your business technology, contact your local IT professio nals.

Latest Chrome Update Highlights Numerous Vulnerabilities

Chrome, Ophtek, Updates, zero-daychrome, Ophtek, updates, zero-click attacksOphtek, LLC

Aug 2022

Chrome is the most popular web browser on the market by far, but its success is no guarantee of being free from vulnerabilities as a new update shows.

No piece of software is created perfectly, so there’s always a need to update and refine applications. In particular, security vulnerabilities are one of the most common issues which software designers find themselves needing to go back and solve. And this is because threat actors will use all their resources to discover even the tiniest chink in an application’s armor. Once this has been discovered, they’re presented with the opportunity to bypass security and exploit the software.

Chrome’s latest update comes packed full of functionality upgrades, but also 11 security fixes. As it’s likely your organization regularly works with Chrome, we’re going to look at what this patch offers you.

What is Chrome’s Latest Update?

The latest update from Chrome – details of how to install it are here – delivers a variety of fixes which include:

A zero-day vulnerability – tagged as CVE-2022-2856 – which has allowed hackers to take advantage of a flaw in Web Intents, a process which allows web apps to connect with web services.
Several ‘use-after-free’ vulnerabilities, these are flaws that are usually opened when an application fails to clear its memory when used. This scenario provides a foothold to threat actors looking to breach security.
A heap buffer overload vulnerability relating to downloads made through Chrome, a vulnerability which allows memory corruption to open a backdoor for threat actors.

t only takes one vulnerability to compromise a PC, so the need to patch 11 vulnerabilities strikes a major blow to Chrome’s reputation. To make matters worse, this is the fifth zero-day vulnerability Chrome have had to issue in 2022. Digging deeper into the contents of the update, it also becomes apparent that ‘use-after-free’ errors are a significant problem within Chrome at present.

Is Chrome Safe to Use?

Computer Keyboard with symbolic padlock key

Chrome will continue to work even without the latest update. However, the protection at its disposal will be lacking any substantial strength. There’s a chance, of course, you won’t fall victim to a cyber-attack which exploits these flaws, but do you really want to take a chance? The sensible answer is: NO! And, although Chrome haven’t released any specific details about these latest vulnerabilities, you can bet your bottom dollar that hackers will now be focusing their attention on Chrome.

Therefore, it’s crucial you install this latest Chrome update as soon as possible. Even if your organization’s preference is, for example, to use the Edge browser, you need to update Chrome if it’s present on your PCs. This is the only way to ensure that security gaps are plugged. Naturally, there will be further vulnerabilities which remain unidentified, but you can only deal with threats which are known. Chrome, on the whole, is a reputable and safe browser, you just need to make sure that automatic updates are activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Malicious Extension Found Being Injected into Chrome

ChromeLoader, extensions, Google Chrome, malicious extensions, Ophtekchrome, ChromeLoader, Extentions, malicious, OphtekOphtek, LLC

May 2022

Chrome is the world’s most popular browser and, as such, is a major target for hackers, a fact highlighted by the emergence of a malicious Chrome extension.

If you’re a Chrome user, then you will be well aware of the wide range of benefits that Chrome extensions deliver. They not only making browsing easier, but their main objective is to make you more productive e.g. automating tasks such as blocking pop-up adverts. While Chrome extensions allow you to personalize your browsing experience, they are not without risk. Privacy concerns have surrounded browser extensions for as long as they have been available, and malicious extensions have been equally concerning.

It’s more than likely that your organization uses the Chrome browser in some capacity, so let’s look at the dangers of this most recent malicious extension.

The Lowdown on ChromeLoader

With a name that does exactly what it says on the tin, the ChromeLoader extension loads itself into Chrome. It begins its journey towards Chrome in the form of an ISO file – an image copy of the contents of an optical disc – which is currently being spread through social media sites and pay-per-install sites. Within this ISO is an executable file which, when activated, installs the ChromeLoader extension into Chrome and uses Windows’ Task Scheduler application to load the extension.

At present, the malicious activity of ChromeLoader has been recorded as relatively low. Rather than stealing data or encrypting files, ChromeLoader appears more concerned with redirecting victims towards spam sites. It’s a threat level which may not appear significant but, as with all malware, there’s a potential for ChromeLoader to evolve into something more powerful. It could, for example, be used to load ransomware into a compromised PC, and that’s when your productivity really will come under attack. And, even it remains only a minor nuisance with its spam redirection, it’s still a problem your organization could do without.

How to Tackle ChromeLoader

ChromeLoader is delivered via an ISO file, and the chances of your employees needing to handle ISO files at work are slim. Therefore, it makes sense to add ISO files to your list of prohibited files that can be downloaded. If an employee does need an ISO file downloading from the internet, then they should contact your IT team to arrange this securely. Banning torrent sites, such as PirateBay, will also limit the chances an employee has to access infected ISO files, so build this into your web filters as well.

Ultimately, extensions such as ChromeLoader prey upon the naivety of the common internet user. For the average person, a Chrome extension is a useful ally, not something to be feared. However, threat actors are always keen to deliver their malicious payloads as stealthily as possible. And that’s why they try to take advantage of routes, such as Chrome extensions, which are commonly trusted by PC users. As a result, educating your staff on the potential dangers of downloading files from the internet, such as ISO files or browser add-ons, should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Google’s Password Checkup Aims to Secure Your Passwords

Ophtek, Password Security, Passwork Checkup, Securitychrome, google, Ophtek, Password Checkup, passwords, security, vulnerabilityOphtek, LLC

Dec 2020

Passwords are crucial in IT security and will remain relevant for the near future. But Google’s Password Checkup shows there’s always room for improvement.

We all have a long list of passwords that we use to access various IT apps and services. They’re perhaps the simplest, but most effective step you can take in thwarting hackers. Without a password it’s almost impossible to gain unauthorized access to an IT system. That’s why social engineering and phishing emails have become so popular with hackers. And one of the major problems with passwords is that computer users have a tendency to recycle the same passwords for different IT systems.

Passwords, therefore, have a number of flaws. Thankfully, Google have designed the Password Checkup app to verify the security of your passwords.

What is Password Checkup?

It’s difficult to keep up to date with the sheer number of passwords we use on a daily basis. The simplest way to combat this is to write all your passwords down, but this is one of the biggest password mistakes you can make. Now, instead of writing these passwords down, you can store them in your Chrome browser. As long as you’re running a Google account which is synced to your Chrome browser, you will be able to securely store your passwords. Naturally, this is useful for auto-complete password functions – although even this is risky – but the functionality doesn’t stop here.

The most exciting and useful feature of Password Checkup is that it will automatically tell you if your login details have been breached. A sophisticated and clever password manager, Password Checkup is linked to a database containing in excess of four billion login credentials. These username/password combinations have all, at some point, been leaked online in large scale hacks. This could potentially mean that, for example, your existing Gmail credentials are visible online for anyone to see. With Password Checkup on your side, however, you will receive an alert in your Chrome browser that your login details have been breached.

And, going back to the fact that many of us recycle our passwords, these Password Checkup alerts serve as a nudge to use unique passwords. After all, if a hacker knows that you have used the password “abc123” on your Gmail account, there’s every chance you may have used the same password on your Facebook account. Anything that reduces the time taken to breach an account is a win for hackers and you need to minimize this wherever possible.

How to Use Password Checkup

Password Checkup originally started as a standalone Chrome add-on and this continued to work until September 2020. The reason for retiring this add-on was down to Google deciding to build Password Checkup into the Chrome browser as an integral component. Therefore, the only way to access the Password Checkup service now is by using an up to date version of Chrome. You must, of course, sign into your Chrome browser with a Google account in order for your details to sync. Ultimately, using Password Checkup will make your online experience safer and securer.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 Next »

Fake Google Meet Pages Used to Spread Malware

Kiosk Mode Exploited to Steal Google Credentials

Latest Chrome Update Highlights Numerous Vulnerabilities

Malicious Extension Found Being Injected into Chrome

Google’s Password Checkup Aims to Secure Your Passwords

What is Password Checkup?

How to Use Password Checkup

Tag Archives: chrome

What is Password Checkup?

How to Use Password Checkup