Researcher Finds Way to Steal Windows Login Credentials via Chrome and SCF Files

Bot

AI-powered Bot
Thread author
Verified
Apr 21, 2016
3,326
A security researcher managed to perform an impressive attack that allowed him to gather computer login credentials via Google Chrome and the SMB protocol.

While this type of exploits are not new, they're usually limited to local area networks. Another thing that makes this particular attack noteworthy is the fact that there have been no publicly demonstrated SMB authentication related attacks on browsers other than Internet Explorer and Edge in the past decade.

Serbian security researcher Bosko Stankovic of DefenseCode mixed together two different techniques - one taken fro the Stuxnet operation, and another that was detailed back in 2015 at the Black Hat security conference. He put together the attack by focusing on SCF files, which stands for Shell Command File, a format that supports a limited set of Windows Explorer commands.

These files are similar to LNK files, which when stored on disk will retrieve an icon file. Following the Stuxnet attacks, Microsoft forced LNK files to only load their icons from local resources so they would no longer be vulnerable to attack by making them load malicious code. SCF files, however, were left alone.

Read more: Researcher Finds Way to Steal Windows Login Credentials via Chrome and SCF Files
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top