Recently, an IT cybersecurity researcher, Bojan Zdrnja, has published its research exposing that the threat actors are using Google Chrome’s Sync feature for Command and Control communication by exfiltrating data.
However, Zdrnja declares that the threat actors used compelling features to exploit the Chrome browser. As Google Chrome’s Sync feature could be exploited by several hackers to accumulate information from negotiated computers using maliciously-crafted Chrome browser extensions.
Evades Chrome Web Store Security Checks
All the malicious Chrome extensions are quite common for Chrome, and Google always removes hundreds of them each year from the Chrome Web Store, but this vulnerability was special remain hidden due to the way it was deployed.
Once the extension gets installed, then it dropped a background script that was designed to check for oauth_token keys in Chrome’s storage which would then get automatically synced to the user’s Google cloud storage.