Anyone can steal your Chrome accounts with this, protect yourself

Fake forms to steal passwords in Chrome

I'm sure you have at some point tried to log in to a web page and been offered a form to sign in automatically with Google, Twitter or Facebook. It is a way to save time and not have to register. We simply click, for example, on Google, enter our data and that's it.

Is this safe? These forms basically make use of protocols like OpenID and OAuth. On paper we can say that this method is reliable. Our data is managed by platforms as important as Google or Facebook. Total security does not exist and there can always be some breach, but no more so than when logging in to any other program or online service.

The problem comes when a hacker is able to falsify those login forms. What they do is create a page in Chrome that pretends to be legitimate and gives us the option to sign in through Facebook, Google and other services. Clicking on any of them will open a new window in which to enter personal data.

These windows are very simple. They basically have the URL (where you will see the name of Google, Facebook or Twitter, to inspire more confidence) and the button to log in. This is exactly what hackers do: fake a window in Chrome in such a way that it seems real, with the URL of that type of service and everything looking very real.

What they do is create a fake browser window inside a real browser window. This is what is known as a BitB (Browser-in-the-Browser) attack. The result is a phishing attack intended to steal passwords.
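Because the fake window is ordinary page content, the provider address it shows is text inside the page and not the browser's own address bar. The following added example (not from the original article or from mr.d0x's templates) sketches a detection heuristic built on that observation. The simplified DOM node shape, the provider host list and the sample page are assumptions constructed for illustration.

```javascript
// Provider hosts to look for (assumed list for this example).
const IDP_HOSTS = ["accounts.google.com", "www.facebook.com", "twitter.com"];

// Depth-first walk over a simplified DOM node: {tag, id, type, text, children}.
function* walk(node) {
  yield node;
  for (const child of node.children || []) yield* walk(child);
}

// Provider hosts that appear as visible text anywhere in the subtree.
function displayedIdpHosts(node) {
  const found = new Set();
  for (const n of walk(node)) {
    const text = (n.text || "").toLowerCase();
    for (const host of IDP_HOSTS) if (text.includes(host)) found.add(host);
  }
  return [...found];
}

function hasPasswordField(node) {
  for (const n of walk(node)) {
    if (n.tag === "input" && n.type === "password") return true;
  }
  return false;
}

// Report the smallest subtree that both draws a provider URL as text and asks
// for a password while the page itself is served from a different host.
function findFakeLoginWindows(pageUrl, node, findings = []) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const before = findings.length;
  for (const child of node.children || []) findFakeLoginWindows(pageUrl, child, findings);
  if (findings.length === before && hasPasswordField(node)) {
    const spoofed = displayedIdpHosts(node).filter((h) => h !== pageHost);
    if (spoofed.length > 0) findings.push({ id: node.id || node.tag, pageHost, spoofed });
  }
  return findings;
}

// Constructed sample: shop.example draws a "Google" sign-in window as HTML.
const samplePage = { tag: "body", children: [
  { tag: "div", id: "content", text: "Sign in with Google" },
  { tag: "div", id: "popup", children: [
    { tag: "span", text: "https://accounts.google.com/signin" },
    { tag: "form", children: [{ tag: "input", type: "password" }] },
  ] },
] };
console.log(findFakeLoginWindows("https://shop.example/login", samplePage));
```

The heuristic only sees text nodes, so an address bar rendered as an image or inside an iframe is outside what this sketch covers.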

Templates accessible to all

The security researchers behind this indicated that it uses templates which are very accessible to any attacker. They were created by mr.d0x, who posted them on GitHub. These templates are very customizable, so they adapt to all types of users and also to Chrome's dark mode.

Without a doubt, this is a major problem, since these are templates that can be used for Chrome and affect the security of many users. It is important to be prepared and avoid attacks of this type, which can compromise our accounts when browsing the Internet. You can see an example shown by mr.d0x where a window appears to log in through Facebook. One is false and the other legitimate:

How can you protect yourself and avoid password theft in Chrome? The most important thing of all is common sense. You must make very sure of where you are logging in. You should never log in from links that are not trustworthy and do not offer real guarantees. You should also enable two-factor authentication to create an extra layer of security. In addition, it is good to always have security programs installed and keep everything updated.
