New browser attack lets hackers run bad code even after users leave a web page



  • "Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.

    This new attack, called MarioNet, is possible because modern web browsers now support a new API called Service Workers."
    https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/


    modedit removed fullquote as this infringes copyright laws in some countries


  • Moderator

    FYI if interested in more tech background on this malware:
    PDF MarioNet at https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01B-2_Papadopoulos_paper.pdf



  • @npro it wasn't a fullquote, just 3 cherry-picked paragraphs to present the important points of the whole article, therefore added a sentence to your edit 🙂



  • @raed said in New browser attack lets hackers run bad code even after users leave a web page:

    The uMatrix extension has a setting to disable Web Workers.

    Does it block on a per-domain basis, or globally?

    I've figured uMatrix to be overkill in complexity for my needs, which is basically just to be able to automatically delete cookies++ from domains I do not whitelist.

    However, at the moment Chrome lacks an API for extensions to automatically clear Local Storage on tab close, so I might have to run uMatrix just for those annoying things.

    I mean. I have service workers for sites I haven't even visited. Whoever thought implementing that mess as a browser-standard should be ... well... first to the wall when the revolution comes...


  • Moderator

    The W3C technology Service Workers can be used for good and bad purposes.
    Some websites register one for notifications. Some deliver malware.

    I do not know how a browser can decide to check which service is malware and which not.



  • @Gwen-Dragon said in New browser attack lets hackers run bad code even after users leave a web page:

    Some websites register one for notifications. Some deliver malware.

    Well, I need neither notifications, nor malware (obviously) 😎



  • @raed @Pathduck All use of Windows messes up the bit settings to keep connections alive by "KEEPALIVE" and "DONTLINGER" - bit 12 and 14. This is the first violation that allows others to walk in and some other code to take over a connection. The "lingering" is used to share connections. But these things are not considered in any standardisation efforts, they are considered "Solved" in the first definition. From a WEB server, these should always start without these settings, it is the Windows at the other end that resets and keeps the connections.
    Things have since been changed and other software expects things to behave as for Windows, so expect that my Mac can set / reset and muck around.
    But it is nothing that stops an application like Vivaldi to "read" sockets in use, and modify them so that connections are not just closed but wiped out and made unusable. We keep the application alive and these bits will restrict other apps from being able to use the leftover connections. You will find these connections in "IOWAIT" in "netstat -a". I had my consultants monitor connections, and we had to kill and wipe out to make sure that the servers did not run out of ip resources. "The other side" sets "our side" drivers.

