CursedChrome Extension Turns Chrome Browser Into A Proxy Bot

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

A researcher has released a Chrome extension dubbed as ‘CursedChrome’ that can turn the Chrome browser into a hacker’s proxy bot. Though, there is another tool to avoid active attacks through such extensions.

CursedChrome Extension Takes Over Chrome

Reportedly, a security researcher Matthew Bryant has developed a tool that can hack the Chrome browser. The tool ‘CursedChrome’ is actually a browser add-on for Chrome that can turn the browser into a proxy bot.

As explained by the researcher,

A (cursed) Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies. By using the proxies this tool creates you can browse the web authenticated as your victim for all of their websites.

In brief, CursedChrome appears as a simple browser extension. But it has two different components to work. One works on the client-side, that is where the victim installs the tool considering it an extension. And the other is at the hacker’s end, from where he can manage all the bots. The two components communicate over a WebSocket connection that works as HTTP reverse proxy.

The attack begins after a few victims install CursedChrome extension. The hacker can then log in to the tool’s control panel at his end to manage all infected browsers.

cursedchrome extension web panel
Source: Matthew Bryant

He would know of all the infected browsers online status, and can then execute various activities. These include hijacking active logged-in sessions, navigating through the hijacked browsers, and access restricted sites and apps.

The following diagram depicts how the attack works. Whereas more details are available at GitHub where the tool is present as open-source.

CursedChrome extension attack
Source: Matthew Bryant

We Have A Fix Though – Chrome Galvanizer

Following the tool’s release, ZDNet reports that the cybersecurity community hasn’t welcomed this tool. They fear that such an aggressive tool might facilitate criminal hackers in executing malicious activities.

However, Bryant clearly describes this tool as useful for professional red teams.

Moreover, he has also developed another tool to prevent attacks by such extensions – the Chrome Galvanizer – also available on GitHub. As described,

Chrome Galvanizer is a tool to generate Chrome enterprise policies to help users harden their browser security…
This protects from hijacked extensions with backdoored updates and against extensions that have been exploited due to a security vulnerability in their code.

Bryant claims that Chrome Galvanizer can be the tool for blue teams.

The hosted version of Chrome Galvanizer is also available for swift installation.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!