Archive for November, 2011

Google login stealer

Monday, November 21st, 2011

Our first malicious userscript targets the Google login page and tries to capture the usernames and passwords submitted to Google.

Cross-domain requests made simple

Monday, November 21st, 2011

Once we get our malicious userscript running on every page the victim loads in the browser, we will want to collect some data and send it to our server. However, to do this we will need to perform a cross-domain request to our server, which is normally prohibited because of the same-origin policy. Although we could […]

The Puppet Master

Sunday, November 20th, 2011

So far we have talked about issues on the client side of a “puppet”. We also need a “puppeteer” in the form of a server to which we can send the data we collect (user credentials, cookies, etc.). Since the userscripts are written in JavaScript, we’ve decided to have the server also running JavaScript. Introducing Akshell.

Installing Userscripts

Saturday, November 19th, 2011

So assume one can get an arbitrary executable to run on the user’s machine with full privileges using an exploit such as the one presented in the last post. What would you have to do to automatically install a userscript for the current browser?

Choose Your Browser Exploit

Monday, November 14th, 2011

While reading about house moving scams I accessed the inconspicuous website www.aaamove.com (WARNING: do not go there!). Right after loading the homepage with my up-to-date Firefox browser, I noticed suspicious activities going on. The JVM had started running, and a weirdly named exe was running in the background. I had been infected with a virus! […]

Roadmap

Monday, November 14th, 2011

This project investigates the possibilities of attack using bots running as long-lived processes in the user’s browser. We attempt to achieve this using a GreaseMonkey userscript which runs on every page opened on supported browsers (Google Chrome – native, Opera – native, Mozilla Firefox – with GreaseMonkey extension). There are two phases: Figure out a […]