Hackers are sneaking malware into your browser using Google's link, and antivirus software can't stop it
Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
This malware only activates during checkout, making it a silent threat to online payments
The script opens a WebSocket connection for live control, completely invisible to the average user
A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like Google.com to bypass traditional antivirus defenses.
According to a report from security researchers at c/side, this method is subtle, conditionally triggered, and difficult for both users and conventional security software to detect.
It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user's browser session.
The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: https://accounts.google.com/o/oauth2/revoke.
However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(...)).
The use of Google's domain is central to the deception - because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.
This script only activates under specific conditions. If the browser appears automated or the URL includes the word 'checkout,' it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions.
Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript's Function constructor.
The attacker can remotely run code in the browser in real time with this setup.
One of the primary factors influencing this attack's efficacy is its ability to evade many of the best antivirus programs currently on the market.
The script's logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners.
They will not inspect, flag, or block JavaScript payloads delivered through seemingly legitimate OAuth flows.
DNS-based filters or firewall rules also offer limited protection, since the initial request is to Google's legitimate domain.
In the enterprise environment, even some of the best endpoint protection tools may struggle to detect this activity if they rely heavily on domain reputation or fail to inspect dynamic script execution within browsers.
While advanced users and cybersecurity teams may use content inspection proxies or behavioral analysis tools to identify anomalies like these, average users are still vulnerable.
Limiting third-party scripts, separating browser sessions used for financial transactions, and remaining vigilant about unexpected site behaviors could all help reduce risk in the short term.
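Site owners can check their own storefront HTML for the loader pattern described above: a script URL on a trusted host whose callback parameter holds code instead of a function name. The following is an added example, not code from the c/side report or this article; the `.example.test` hosts, the base64 string, the sample HTML and the list of callback parameter names are constructed assumptions.

```javascript
// Added example. SAMPLE_HTML is constructed; hosts ending in .example.test and the
// base64 string are placeholders, and CALLBACK_PARAMS is an assumed list of names.
const SAMPLE_HTML = `
<script src="https://cdn.example.test/theme.js"></script>
<script src="https://accounts.google.com/o/oauth2/revoke?callback=app.onLogout"></script>
<script src="https://accounts.google.com/o/oauth2/revoke?callback=eval(atob('cGxhY2Vob2xkZXIh'))"></script>
<script>eval(atob(window.cfgBlob))</script>
`;

// A JSONP-style callback should be a plain dotted identifier such as "app.onLogout".
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
// Decoded data handed straight to eval() or the Function constructor.
const DECODE_AND_RUN = /\b(eval|Function)\s*\(\s*atob\s*\(/;
const CALLBACK_PARAMS = ["callback", "jsonp", "cb"];

// Returns a finding when a script URL carries a callback value that is code, else null.
function auditScriptSrc(src, pageUrl = "https://shop.example.test/") {
  let url;
  try { url = new URL(src, pageUrl); } catch { return null; }
  for (const param of CALLBACK_PARAMS) {
    const value = url.searchParams.get(param); // percent-decoded by the URL parser
    if (value !== null && !SAFE_CALLBACK.test(value)) {
      return { kind: "unsafe-callback", host: url.hostname, path: url.pathname,
               param, decodeAndRun: DECODE_AND_RUN.test(value) };
    }
  }
  return null;
}

// Walks every <script> element: external ones by URL, inline ones by body text.
function auditHtml(html) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(attrs);
    if (src) {
      const finding = auditScriptSrc(src[1] ?? src[2]);
      if (finding) findings.push(finding);
    } else if (DECODE_AND_RUN.test(body)) {
      findings.push({ kind: "inline-decode-and-run" });
    }
  }
  return findings;
}

console.log(auditHtml(SAMPLE_HTML));
```

A host-only allowlist passes the third tag because its domain is trusted, which is why the check keys on the callback value and not on the host.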