
CursedChrome Extension Turns Chrome Browser Into A Proxy Bot

by Abeerah Hashim

A researcher has released a Chrome extension dubbed ‘CursedChrome’ that can turn the Chrome browser into a hacker’s proxy bot. However, there is also another tool that helps avoid active attacks through such extensions.

CursedChrome Extension Takes Over Chrome

Reportedly, security researcher Matthew Bryant has developed a tool that can hack the Chrome browser. The tool, ‘CursedChrome’, is a browser add-on for Chrome that can turn the browser into a proxy bot.

As explained by the researcher,

A (cursed) Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies. By using the proxies this tool creates you can browse the web authenticated as your victim for all of their websites.

In brief, CursedChrome appears to be a simple browser extension, but it relies on two components. One runs on the client side, where the victim installs the tool believing it to be an ordinary extension. The other runs at the hacker’s end, from where he can manage all the bots. The two components communicate over a WebSocket connection that works as an HTTP reverse proxy.

The attack begins after a few victims install the CursedChrome extension. The hacker can then log in to the tool’s control panel at his end to manage all infected browsers.

[Image: CursedChrome extension web panel. Source: Matthew Bryant]

He can see the online status of all infected browsers and can then carry out various activities. These include hijacking active logged-in sessions, navigating through the hijacked browsers, and accessing restricted sites and apps.

The following diagram depicts how the attack works. More details are available on GitHub, where the tool is published as open source.

[Image: CursedChrome extension attack diagram. Source: Matthew Bryant]

We Have A Fix Though – Chrome Galvanizer

Following the tool’s release, ZDNet reports that the cybersecurity community hasn’t welcomed it. They fear that such an aggressive tool might help criminal hackers carry out malicious activities.

However, Bryant clearly describes this tool as useful for professional red teams.

Moreover, he has also developed another tool to prevent attacks by such extensions – the Chrome Galvanizer – also available on GitHub. As described,

Chrome Galvanizer is a tool to generate Chrome enterprise policies to help users harden their browser security…
This protects from hijacked extensions with backdoored updates and against extensions that have been exploited due to a security vulnerability in their code.

Bryant claims that Chrome Galvanizer can be the tool for blue teams.

The hosted version of Chrome Galvanizer is also available for swift installation.
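As an added illustration (not Chrome Galvanizer's own code or output, and not part of the original article), the Python sketch below generates one kind of Chrome enterprise policy that limits what extensions can reach: Chrome's `ExtensionSettings` policy with `runtime_blocked_hosts`, which keeps every extension away from listed sites unless an extension is explicitly exempted. The host names and the extension ID are constructed placeholders, and the helper names are hypothetical.

```python
import json
import re

# Host-pattern shape for runtime_blocked_hosts / runtime_allowed_hosts:
# scheme://host, no path; "*" may stand for the scheme or the leading subdomain.
HOST_PATTERN = re.compile(r"^(\*|https?|ftp)://(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*$")
EXTENSION_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars, a-p
MAX_HOSTS = 100  # Chrome's documented limit per host list


def check_hosts(hosts):
    """Normalise, de-duplicate and validate a list of host patterns."""
    cleaned = sorted({h.strip().lower() for h in hosts})
    if len(cleaned) > MAX_HOSTS:
        raise ValueError(f"more than {MAX_HOSTS} host patterns")
    for pattern in cleaned:
        if not HOST_PATTERN.match(pattern):
            raise ValueError(f"invalid host pattern: {pattern!r}")
    return cleaned


def build_policy(blocked_hosts, exemptions=None):
    """Build a managed-policy dict.

    blocked_hosts: sites no extension may read or modify by default.
    exemptions: {extension_id: [host patterns]} for vetted extensions.
    """
    blocked = check_hosts(blocked_hosts)
    settings = {"*": {"runtime_blocked_hosts": blocked}}
    for ext_id, hosts in (exemptions or {}).items():
        if not EXTENSION_ID.match(ext_id):
            raise ValueError(f"invalid extension ID: {ext_id!r}")
        # Repeat the block list so the entry does not rely on inheriting "*".
        settings[ext_id] = {
            "runtime_blocked_hosts": blocked,
            "runtime_allowed_hosts": check_hosts(hosts),
        }
    return {"ExtensionSettings": settings}


if __name__ == "__main__":
    # Constructed sample values: placeholder hosts and a placeholder extension ID.
    policy = build_policy(
        ["*://*.bank.example", "https://intranet.corp.example"],
        {"a" * 32: ["https://intranet.corp.example"]},
    )
    print(json.dumps(policy, indent=2))
```

On Linux, Chrome reads managed policies from JSON files under `/etc/opt/chrome/policies/managed/`, and the applied result can be checked at `chrome://policy`.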
