Connect with us

Business

Attackers Exploiting Google Chrome on Windows 10 for UAC Bypass

Published

on

A malware campaign has been discovered targeting Windows 10 OS running on Chrome browsers. The attackers have used a technique called User Account Control (UAC) to bypass Windows cybersecurity protections.

The purpose of the campaign

Researchers from Rapid7 have first observed the ongoing malware campaign.

  • The objective of the campaign is to obtain sensitive data and steal cryptocurrency from the infected systems.
  • Hackers use a malicious file called HoxLuSfo.exe with obfuscated code to steal credentials. 
  • The malware targets and kills processes named Google, Microsoft Edge, and setu.

Understanding the UAC bypass

Attackers exploit a Disk Cleanup utility vulnerability in some versions of Windows 10 to bypass UAC. 

  • This allows a native scheduled task to run arbitrary code by tampering with the content of an environment variable.
  • The attackers have used a PowerShell command launched by a suspicious executable, HoxLuSfo[.]exe.

The attack chain

  • The attack starts with a targeted Chrome browser user visiting a malicious website and a browser ad service asking the user to take an action. 
  • Further, a victim is asked to allow the malicious site to send notification requests via the browser.
  • Once notifications are permitted, the victim is informed that their Chrome web browser should be updated. 

Additionally, Chrome browser history files reveal redirects to suspicious domains and other redirects before an initial infection.

Ending notes

This seems to be an advanced malware campaign, as the malware uses obfuscated code and bypasses UAC. Moreover, the campaign is financially motivated and aims to steal browser credentials and cryptocurrency. Experts recommend avoiding unknown sites and clicking on suspicious links.

Source: https://cyware.com/news/attackers-exploiting-google-chrome-on-windows-10-for-uac-bypass-5ee58e6e

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO