Google.com Vulnerability that bypasses anti-virus
- Thread starter wittaj
- Start date
bigredfish
Known around here
Still not exactly sure how the user gets hit?
I don’t use Google, other than a Gmail account I rarely use and gets almost zero mail.
I rarely use chrome except to access my Gmail account
I don’t use any checkout service or wallet
I don’t use Google, other than a Gmail account I rarely use and gets almost zero mail.
I rarely use chrome except to access my Gmail account
I don’t use any checkout service or wallet
lulu5kamz
Known around here
- Sep 14, 2015
- 1,205
- 4,009
Here are details from the security company that discovered this.
cside.dev
Weaponized Google OAuth Triggers Malicious WebSocket
An attacker is using ‘Google.com’ to deliver and execute their own code in a weaponized Google OAuth attack.
cside.dev
bigredfish
Known around here
I'm not seeing that?
Just use Google to search and BAM your infected?
I dont think its that simple
*Note I dont use Google at all. I use Bing for search. I avoid Google like the plague
I would think if you use the google search and then CLICK on the search results. I search for ipcamtalk, it gives me ipcamtalk.com but the virus is injected into that clickable search result.
Kind of a man in the middle attack.
Kind of a man in the middle attack.
bigredfish
Known around here
It could happen to any search engine or any site really.
I alluded to this in this thread where someone was so worked up about the Dahua plug-in and I suggested that they are uncomfortable with that yet blindly accept hitting in a login button that could be compromised and why we shouldn't let our cameras on our network. I said in that thread:
"How do we know that by typing in your username and password and hitting the "login" button that you are not behind the scenes granting that firmware access to an exploited vulnerability of the web browser or blindly allowing it to bypass anti-virus software and infect your computer, similar to mistakenly hitting a malware link on a legit website that infects your computer. Hitting that login or Save or Refresh button could be the same as clicking on an ad on a porno site that infects your computer."
This vulnerability is even worse than I suggested in that it can be generated just be which search engine someone uses and won't be long before someone figures out a way to exploit typing in a website directly instead of using a search engine.
Sometimes even the best precautions can still be exploited.
And unfortunately, there isn't too much we can do about it except use common sense practices. You realize most of us are just along for the ride, no go pedal, no stop pedal and no signaling to get off on the next stop, because this is a limited NON-stop run.
Can't worry about everything, you wouldn't get much done and you'd become miserable. I just try to take care of the seat I'm in and hope for the best. I wouldn't let worrying about something I have no control over, control my life
Not to mention the minute-by-minute, site-to-site attacks that have been going on for years now. I got this just a minute ago on Chrome trying to find ways to help a IPCT member reset a Dahua bullet with no apparent reset button according to the post but Norton intercepted it and threw up this info, from
CAUTION => networkcameratech.com :
CAUTION => networkcameratech.com :
Looks like it is someone's personal site running on Wordpress with no updates since 2018. Probably hacked as Wordpress plugin vulnerabilities are common.
Not sure if you're referring to wittaj's post #8 or my #10 which is 6.8 and the latest version is 6.8.1 for a bug fix (maybe that's the bug?)
The "google.com vulnerability" has nothing to do with google search. It is just another one of many mechanisms a hacker could use on an already-compromised website to get that website to load their malicious script. The key is they already need to have compromised someone's website, and get you to load that website, and get you to enter sensitive information (like payment info) on that website, in order for them to do anything with it. If this "google.com vulnerability" was to be fixed, they could just use a different mechanism to load their malicious script.