The SymStealer Vulnerability Allows Attackers to Steal Your Login Information Through Google Chrome - Sat Jan 14th, 2023

Published on January 14, 2023

Over 2.5 billion users of Google Chrome and Chromium-based browsers are affected by the SymStealer vulnerability, CVE-2022-3656, which was just made public by the Imperva Red Team. According to reports, this issue may have allowed the theft of sensitive files, including crypto wallets and user credentials for cloud service providers.

With a market share of 65.52%, Chrome is the most widely used browser. Edge and Opera are two other top-6 browsers that are built on Chromium, the open-source version of Chrome, bringing the market share of Chromium to above 70%.

SymStealer Vulnerability Information

SymStealer is the name given to the problem by Imperva researchers. The issue arises when an attacker abuses the way the browser handles the file system to access unauthorized files and get around the program's restrictions.

According to Imperva's investigation, the browser automatically resolves all symlinks when a user drags and drops a folder right onto a file input element.

"During our testing, we discovered that a file or folder is treated separately when you drop it onto a file input," the Imperva Red Team states. "Symbolic links are processed, recursively resolved, and there is no additional user confirmation or warning."

A "symlink", also called a symbolic link, is a special kind of file that points to another file or directory. The operating system can treat the referenced file or directory as if it were physically present where the symlink resides.

It allows for more flexible file arrangement, shortcuts, and rerouting of file paths.

The website can try to deceive the user into creating a new wallet and then ask them to download their "recovery" keys.

These keys would be a zip file with a symlink to a private folder or file on the user's computer, such as their cloud provider login information.

After the victim unzips the "recovery" keys and sends them back to the website, the symlink is followed, giving the attacker access to the sensitive file.

The user might not even be aware that something is wrong, because the website is built to appear genuine and the procedure for downloading and uploading the "recovery" keys may seem normal.
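As an added example (not from the article or from Imperva), this Python script lists the symlinks in a folder that resolve to a location outside that folder, which is exactly what a browser that recursively follows symlinks on drag-and-drop would quietly read. The sample "recovery_keys" folder it builds is a constructed fixture so the script runs offline.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(folder):
    """Walk `folder` without following links and report every symlink whose
    fully resolved target lies outside the folder. Returns a list of
    (link_path, target_path) tuples; an empty list means nothing escapes."""
    root = Path(folder).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinked directories still appear in dirnames even though
        # os.walk does not descend into them, so check both lists.
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            target = path.resolve()  # follows the whole chain, like the browser
            try:
                target.relative_to(root)  # raises ValueError when outside root
            except ValueError:
                findings.append((str(path), str(target)))
    return findings


def build_sample_tree():
    """Constructed fixture (not real data): a 'recovery_keys' folder holding
    one harmless internal link and one symlink to a file outside the folder."""
    tmp = Path(tempfile.mkdtemp())
    upload = tmp / "recovery_keys"
    (upload / "sub").mkdir(parents=True)
    (upload / "keys.txt").write_text("constructed sample")
    secret = tmp / "outside_secret.txt"
    secret.write_text("constructed secret")
    os.symlink(upload / "keys.txt", upload / "sub" / "inside_link")
    os.symlink(secret, upload / "sub" / "outside_link")
    return upload, secret


if __name__ == "__main__":
    upload, _ = build_sample_tree()
    for link, target in find_escaping_symlinks(upload):
        print(f"symlink {link} resolves outside the folder -> {target}")
```

Running it flags only `sub/outside_link`; the link to `keys.txt` stays inside the folder and is not reported.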

Customers of many online services, including crypto wallets, must download "recovery" keys to access their accounts.

The bottom line

Software weaknesses like the one that was just made public are regularly used by hackers to get access to cryptocurrency wallets and steal the money they contain.

If you want to protect your bitcoin holdings, it's essential to keep your software updated and to refrain from downloading files or clicking on links from unknown sources.

Another wise option for storing your bitcoin is a hardware wallet, which is less vulnerable to hacker assaults because it is not linked to the internet.

Researchers advise using a password manager to create safe, one-of-a-kind passwords for your crypto accounts and turning on two-factor authentication.
