Browser extensions are cross-platform
That's the thing: a browser extension that does not use native operating system executables at all and simply runs in browser should be as OS-agnostic as a Flash game. If I had a machine stolen and didn't know what OS the thieves had installed but could push a program to it by a known IP address, that's exactly how I would do it. A browser extension that keylogs passphrases entered into websites, for instance, is a monetizable cross-platform attack that could target not only your online accounts but your bank accounts too if you ever bank online! Also, for that malicious login don't forget plain old phishing, man in the middle attacks on wifi access points-even with WPS if a weak passphrase is used, all the usual stuff.
Originally posted by Mat2
View Post
Comment