29 C
Jaipur
Wednesday, October 28, 2020

Hackers Exploit Google Chrome Zero-day using Weaponized PDF

Must read

EMUI 11 Might be Huawei’s Last Android-Based OS Before Switching to Harmony

With Huawei expected to transition to Harmony OS (also known as HongMeng in China) from Android in the coming months, EMUI 11 might well...

Boat Launches Its First Smartwatch — “Storm”; Priced at Rs. 1,999

Lifestyle products manufacturer, Boat has today forayed into the world of smartwatches with its first ever offering in the space. The new Boat Storm...

Linux Kernel 5.10 Will be the Next LTS Release and it has Some Exciting Improvements Lined Up

Development for Linux Kernel 5.10 is in progress. It’s been confirmed to be a long term support release and it will be bringing newer...

Researchers discovered a new malicious PDF sample that has an ability to exploit the Google Chrome zero-day flaw when victims using Chrome as local PDF viewer.

Attackers spreading this weaponized PDF intended to exploit the Chrome zero-day vulnerability to track the users and collect some user’s information when they open this malicious PDF in chrome browser.

Initially, this sample detected by the EdgeSpot and its act as a legitimate PDF with no malicious activities when it opened popular Adobe Reader .

But the same sample open via Chrome browser locally then it immediate establish the suspicious outbound traffic and also the engine detected as s “POTENTIAL ZERO-DAY ATTACK (Google Chrome), PERSONAL INFORMATION LEAKAGE.

Later moment, researchers focused on the traffic in the background and observed that the stolen data being sent to the domain “readnotify.com” without any further user interaction.

Sample looks like opened in Google Chrome

According to Edgespot research, HTTP packet, following information of the user may be collected by the malicious sender:

  • The public IP address of the user.
  • OS, Chrome version etc (in HTTP POST header).
  • The full path of the PDF file on user’s computer (in HTTP POST payload).

In terms of special artifacts, this sample malicious PDF affects Google Chrome (as local PDF viewer), not Adobe Reader.

Apart from NTLM , it also stealing the OS information and the stored file of the local disk.

The sample PDF exploit contains the suspicious PDF Javascript code in stream-1 that eventually deobfuscated the code to call the API (“this.submitForm()” ).

This serious flaw reported to Google on December, 2018 and the Google responded that the patch will be released on April security update.

In this case, users suggested using alternative PDF reader application for viewing received PDF documents locally until Chrome fixes the issue, or disconnect a computer from the Internet when open PDF documents in Chrome.

Learn : Certified Advanced Persistent Threat Analyst Course

Some of The malicious PDF Samples that exploit This Chrome Zero-day :

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

EMUI 11 Might be Huawei’s Last Android-Based OS Before Switching to Harmony

With Huawei expected to transition to Harmony OS (also known as HongMeng in China) from Android in the coming months, EMUI 11 might well...

Boat Launches Its First Smartwatch — “Storm”; Priced at Rs. 1,999

Lifestyle products manufacturer, Boat has today forayed into the world of smartwatches with its first ever offering in the space. The new Boat Storm...

Linux Kernel 5.10 Will be the Next LTS Release and it has Some Exciting Improvements Lined Up

Development for Linux Kernel 5.10 is in progress. It’s been confirmed to be a long term support release and it will be bringing newer...

Flipkart quiz October 28, 2020: Get answers to these question to win Super coins, discount vouchers and more

Flipkart quiz is now live. It consists of five questions and is available on the mobile app of Flipkart. The daily quiz offers...