Quote from truvo:
During the scan, AdWCleaner flagged the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect]
|
This is a known vulnerability in Chrome. That is why the utility acted this way.
Vulnerability in Native Messaging of Chrome
It describes how malware can use the specified key.
Quote:
1. A malicious app installs a manifest file (under ~/Library/Application Support/Google/Chrome/NativeMessagingHosts/), claiming a Native Messaging name “com.ascplugin.protect”.
2. As configured in the manifest file, now Chrome browser bonds the Native Messaging name “com.ascplugin.protect” to a native app which is malicious.
3. When the victim browser extension wants to connect to its native app using the aforementioned Native Messaging name, it will connect to the malicious native app without authentication.
4. Using the established connection, sensitive information (e.g. passwords) or control commands will be transmitted between the browser extension and malicious native app. In the demo, the extension will ask the native app whether “google.com” to be visited is malicious or not. The malicious app will respond to the extension arbitrarily, saying “Google.com is malicious”. When a real malicious website is to be visited by the victim user, the malicious native app will tell the browser extension that it’s a benign website.
|
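A defensive check for the situation in the quoted steps, as an added example that is not part of the original post: it audits one Native Messaging host manifest for a known host name bound to an unexpected binary. The trusted directories, the inventory of expected hosts and the sample manifests are assumptions constructed for illustration.

```python
import json
import re
from pathlib import PurePosixPath

# Assumption: where this defender expects legitimate host binaries to live.
TRUSTED_PREFIXES = ("/Applications/", "/usr/local/", "/opt/")
ORIGIN_RE = re.compile(r"chrome-extension://[a-p]{32}/")

def audit_manifest(manifest_file, manifest_text, expected_hosts):
    """Return findings for one Native Messaging host manifest.

    expected_hosts: hypothetical inventory {host name: known-good binary path}.
    """
    try:
        m = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["not valid JSON"]
    if not isinstance(m, dict):
        return ["not a JSON object"]
    findings = []
    name, path = str(m.get("name", "")), str(m.get("path", ""))
    if PurePosixPath(manifest_file).stem != name:
        findings.append("file name does not match declared host name")
    if manifest_file.startswith(("/Users/", "/home/")):
        findings.append("per-user manifest: writable without admin rights")
    if not path.startswith("/"):
        findings.append("host path is not absolute")
    elif not path.startswith(TRUSTED_PREFIXES):
        findings.append("host binary outside trusted directories")
    if name in expected_hosts and path != expected_hosts[name]:
        findings.append("known host name bound to an unexpected binary")
    origins = m.get("allowed_origins")
    if not (isinstance(origins, list) and origins and all(
            isinstance(o, str) and ORIGIN_RE.fullmatch(o) for o in origins)):
        findings.append("allowed_origins missing or malformed")
    return findings

# Constructed sample data (not taken from a real installation).
HOST = "com.ascplugin.protect"
EXPECTED = {HOST: "/Applications/ExampleAV.app/Contents/MacOS/host"}
EXT = "chrome-extension://" + "a" * 32 + "/"
SYSTEM_FILE = "/Library/Google/Chrome/NativeMessagingHosts/" + HOST + ".json"
USER_FILE = ("/Users/alice/Library/Application Support/Google/Chrome/"
             "NativeMessagingHosts/" + HOST + ".json")
GOOD = json.dumps({"name": HOST, "type": "stdio", "path": EXPECTED[HOST],
                   "allowed_origins": [EXT]})
ROGUE = json.dumps({"name": HOST, "type": "stdio",
                    "path": "/Users/alice/.cache/helper",
                    "allowed_origins": [EXT]})

if __name__ == "__main__":
    for f, text in ((SYSTEM_FILE, GOOD), (USER_FILE, ROGUE)):
        print(f, "->", audit_manifest(f, text, EXPECTED) or "no findings")
```

A per-user manifest is not malicious by itself; the finding marks it for review against the installed software.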