Phishing Scam Disguised As Some of Victims' Most-Trusted Websites Hits Google Chrome's Mobile Browser




A shockingly simple however convincing phishing scam has struck Google Chrome's mobile browser, camouflaged as some of the victim' most-confided in and trusted sites.

Being alluded to as the 'Inception Bar' it has targeted on the Android mobile users for Chrome by utilizing a 'fake address'  bar that not just shows the name of a real site, yet in addition a SSL badge - used to confirm a site's authencity - demonstrating that the said page is protected.

This 'Initiation Bar' is basically a webpage inside a webpage where regardless of whether a user endeavors to scroll back up the top of the page to get to the address bar; they're constrained down, caught in the fake page.

As indicated by developer Jim Fisher, who posted about the endeavor on his own blog, hackers can utilize a blend of coding and screenshots to trap exploited people into surrendering their private information.

Fisher even exhibited that he had the capacity to change the displayed URL of his own site to that of HSBC Bank.




This trick is valuable especially for scammers who endeavor to cover a pernicious website page as a genuine one and steal significant data from uses like passwords and credit card information.

With some additional coding, Fisher says that the trick could be made increasingly advanced, by simply making the fake bar intuitive.

While his demo was done on Google Chrome, the trick would possibly influence different browsers with comparative highlights.

In any case Google has proceeded to introduce a rather large group of new security feature that explicitly targets phishing including forbidding embedded browsers and different highlights that notify users when they're perusing a 'potentially harmful' website.


Google Warns Users to Update Their Browser Immediately Due To a Disruptive Bug




A security breach revealed by hackers on the desktop version of Chrome has driven Google into warning its users to update Chrome as soon as they can or risk having their system 'hijacked'.

A part of Chrome called FileReader is supposedly thought to have been connected with the exploit, as it clearly lets software incorporated into websites access the information stored on the user's computer.

Being the most commonly utilized internet browser on the planet, with in excess of approximately two billion active users, the search giant is quite guarded about the details of the manner in which the exploit operates so as to keep the copycat hackers from utilizing comparable methods to attempt and break into user's accounts.

The fact that the security risk 'CVE-2019-5786' wasn't identified by Google in the first place accordingly implies that Chrome browsers were 'actively under attack  ' even before a fix could be released for the users, which thusly on the other hand gave hackers a 'head start' and left the user's systems at high risk even before an update is installed.

Google's lead security engineer Justin Schuh writing on Twitter, warned users: 'Seriously update your Chrome installs... like right this minute.'  Adding later that ‘unlike previous bugs found in Chrome which have targeted third-party software linked to the browser, this bug targeted Chrome code directly. 

Therefore he says that it is 'worth' cautioning user's all the more freely as the fix expects them to make the additional stride of manually restarting the browser after the update to invalidate the exploit had been downloaded.

‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix, we will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.’ says Google.


Chrome Zero-Day Attack; Google Advises to Update Immediately!




Chrome releases its latest version and the researchers request all the users to immediately update their versions of the famous browser.

The latest version is 72.0.3626.121 and was released in the very beginning of March 2019.

All that needs to be done to upgrade the older version is, type the specific URL chrome://settings/help which will inform the user what version is currently on.

All these alarm signs are blaring because of a recent zero-day security vulnerability that has emerged.

CVE-2019-5786 has been identified as the vulnerability and Google says it’s aware of it and hence is warning off its users.

A vulnerability happens to be a bug which corrupts the software in a way which reduces security. Whereas, an exploit is just a way of using the vulnerability to get past the security provisions.

All the vulnerabilities pose a threat to the system even if it means producing thousands of unwanted messages.

All exploits emerge from vulnerabilities but all vulnerabilities are not a fruit of exploits.

If made to work the malicious way, vulnerabilities could be forced to do a lot more than just creating error messages.

Zero-day is a vulnerability that the cyber-cons found a way to misuse before the researchers could find an appropriate solution for it.

Meaning that a Zero-day is an attack of which even the best researchers can’t find the solutions.

These attacks are usually found out weeks or even months later they start functioning on the network.

The bug is trying to be fixed by Google and restrictions are being retained until the bug exists.

The vulnerability includes a memory mismanagement bug in a part of Chrome by the name of “FileReader”.

This “FileReader” aids the web developers in springing up menus and dialogs.

The attacker could take control of a lot when it comes to this particular bug. It’s not just restricted to reading from files and goes far as “Remote Code Execution”.

Meaning, any malware could be implanted onto the victim’s system without any warning, pop-up or dialog.

All that could be done to save your system is keeping systems up-to-date at all times.

Also, always keep checking for updates and patches to fix vulnerabilities.


Security experts exploit Google Chrome Zero-day using malicious PDF



Security researchers have found a new malicious PDF  that could be easily exploited by the Google Chrome zero-day flaw when victims using Chrome as a local PDF viewer.

Attackers are exploiting the Chrome zero-day vulnerability to track the users and collect the personal information of the users when they open this malicious PDF in chrome browser.

The security experts at EdgeSpot were the first one to spot a flaw in PDF when it is opened via Chrome browser locally, but it has no malicious activities when it opened popular Adobe Reader.

The engine detected as  “POTENTIAL ZERO-DAY ATTACK (Google Chrome), PERSONAL INFORMATION LEAKAGE.

The researchers at Edgespot found that HTTP packet is collecting information of the user by the malicious sender:


  • The public IP address of the user.
  • OS, Chrome version etc (in HTTP POST header).
  • The full path of the PDF file on a user’s computer (in HTTP POST payload).


The users are suggested to use alternative PDF reader application for viewing the PDF until the Chrome issue is fixed, or you can switch off the internet while using Chrome to view PDF documents. 

CookieMiner: Steals Passwords From Cookies, Chrome And iPhone Texts!



There’s a new malware CookieMiner, prevalent in the market which binges on saved passwords on Chrome, iPhone text messages and Mac-tethered iTunes backups.

A world-wide cyber-security organization not of very late uncovered a malicious malware which gorges on saved user credentials like passwords and usernames.

This activity has been majorly victimizing passwords saved onto Google Chrome, credit card credentials saved onto Chrome and iPhone text messages backed up to Mac.

Reportedly, what the malware does is that it gets hold of the browser cookies in relation with mainstream crypto-currency exchanges which also include wallet providing websites the user has gone through.

The surmised motive behind the past acts of the miner seems to be the excruciating need to bypass the multi-factor authentication for the sites in question.

Having dodged the main security procedure, the cyber-con behind the attack would be absolutely free to access the victim’s exchange account or the wallet so being used and to exploit the funds in them.

Web cookies are those pieces of information which get automatically stored onto the web server, the moment a user signs in.

Hence, exploitation of those cookies directly means exploiting the very user indirectly.

Cookie theft is the easiest way to dodge login anomaly detection, as if the username and passwords are used by an amateur, the alarms might set off and another authentication request may get sent.

Whereas if the username passwords are used along with the cookie the entire session would absolutely be considered legit and no alert would be issued after all.

Most of the fancy wallet and crypto-currency exchange websites have multi-factor authentication.

All that the CookieMiner does is that it tries to create combinations and try them in order to slide past the authentication process.

A cyber-con could treat such a vulnerable opportunity like a gold mine and could win a lot out of it.

In addition to Google’s Chrome, Apple’s Safari is also a web browser being openly targeted. As it turns out, the choice for the web browser target depends upon its recognition.

The malware seems to have additional malignancy to it as it also finds a way to download a “CoinMiner” onto the affected system/ device.

Android Users To Surf The Web Without A Constant Internet Connection.




On the 21st of June Google presented a new feature for its Android devices that would give users the access in India and a few different nations to surf the web without the need of a steady Web connection.

Started for Chrome on Android clients in India alongside 100 other nations including Nigeria, Indonesia, and Brazil, the feature will enable the users to surf web in areas with no or spotty web connections.

“When you’re connected to free, unmetered Wi-Fi, Chrome will automatically download relevant articles, based on what content is most popular in your location,” said Amanda Boss, Product Manager, and Offline Chrome for Android. 

For users who are already signed in, Chrome will likewise reserve important and relevant articles in view of the perusing history with the goal that the user can read them when there is no web connection in the phone. This feature is now accessible in the most recent version of Chrome.

The feature case to set aside 70 per cent of the user’s data and with the data saver mode on, Chrome downloads the content that it assumes to be generally applicable.

At the point when the Data Saver is on, the most part of the web traffic goes through Google servers before being downloaded to that specific device and Google servers compress it so less data gets downloaded to the user's device.

Aside from this, Google likewise has a data saving application also that goes by the name of - Datally- it provides the user with a few different ways to control the data usage in their smartphones. The application accompanies highlights like: ability to set daily data usage limit, set a guest mode to see how much data a friend uses, highlighting the unused apps that may be eating up your data, data usage history, WiFi finder on map and many more.



New Malware Variant Designed To Swindle Financial Data from Google Chrome and Firefox Browsers



Researchers have as of late discovered Vega Stealer a malware that is said to have been created in order to harvest financial information from the saved credentials of Google Chrome and Mozilla Firefox browsers.

At present,  the Vega Stealer is just being utilized as a part of small phishing campaigns, however researchers believe that the malware can possibly bring about major hierarchical level attacks as it is just another variation of August Stealer crypto-malware that steals credentials, sensitive documents, cryptocurrency wallets, and different subtle elements put away in the two browsers.

On May 8 this year, the researchers observed and obstructed a low-volume email campaign with subjects, for example, 'Online store developer required'. The email comes with an attachment called 'brief.doc', which contains noxious macros that download the Vega Stealer payload.

The Vega Stealer ransomware supposedly focuses on those in the marketing, advertising, public relations, and retail/ manufacturing industries. Once the document is downloaded and opened, a two-step download process begins.

The report said "...The first request executed by the document retrieves an obfuscated JScript/PowerShell script. The execution of the resulting PowerShell script creates the second request, which in turn downloads the executable payload of Vega Stealer, the payload is then saved to the victim machine in the user's "Music" directory with a filename of 'ljoyoxu.pkzip' and once this file is downloaded and saved, and it is executed automatically via the command line."

At the point when the Firefox browser is in utilization, the malware assembles particular documents having different passwords and keys, for example, "key3.db" "key4.db", "logins.json", and "cookies.sqlite".

Other than this, the malware likewise takes a screenshot of the infected machine and scans for any records on the framework finishing off with .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf for exfiltration.
While the researchers couldn't ascribe Vega Stealer to any particular group, regardless they guarantee that the document macro and URLs associated with the crusade propose that a similar threat actor is responsible for campaigns spreading financial malware.

So as to be protected, Ankush Johar, Director at Infosec Ventures, in a press statement said that "...Organisations should take cyber awareness seriously and make sure that they train their consumers and employees with what malicious hackers can do and how to stay safe from these attacks. One compromised system is sufficient to jeopardize the security of the entire network connected with that system."

Because while Vega Stealer isn't the most complex malware in use today, but it does demonstrates the adaptability and flexibility of malware, authors, and actors to accomplish criminal objectives.