Researchers Find A New Method to Run Malicious Code From Your Browser Silently

MarioNet allows hackers to run malicious code on the browser even after users have closed it

Cyber attacks are common nowadays with precautionary measures becoming a necessity. In the latest event, a new browser attack has been found that can infect you even after closing the browser. According to reports, the new browser attack has been devised by Academics from Greece. Through the attack, the hackers get to run malicious code in your browsers.

Named as the MarioNet, the attack assembles all the giant botnets from the browser. Once these botnets are assembled, then they are used for all types of malicious attacks. Through these botnets, hackers can do crypto jacking, password cracking, advertising click-fraud, boosting traffic stats, DDoS attacks, and hosting of malicious files.

The major reason for the MarioNet attack is the presence of Service Workers, a new API, in browsers. When a Service Worker is registered and activated, it continues to run in the page background. Even if the user has stopped browsing the website, the Service Worker will be activated. As the Service Worker is activated, MarioNet takes advantage of this to attack the browser.

The worst part of the MarioNet attack on the browser is that it is a silent attack. There is no requirement of any user interaction in the attack. There are no alerts sent out by the browsers to the users to seek permission to register a Service Worker. Hence there is no communication at all. It all happens when the user is waiting for the website to load with no visible indicators available.

As the MarioNet is disjointed from the point of attack, attackers can place malicious codes on websites with high traffic. This helps them to get access to a huge database which they can then control from another server. The control remains with the attacker even after the removal of malicious code. This is why the MarioNet attack is being considered a dangerous attack.

Papadopoulos et al

The most worrying part is that all modern browsers have this vulnerability, simply because the malicious “Service Worker” API is initiated from the website server you visit. Older browsers like Internet Explorer and Opera Mini (Mobile) which still use the old “Web Workers” API aren’t vulnerable, but they have other security issues which make using them counterproductive. The good news is that there aren’t any known instances of MarioNet being used in the wild, although taking precautions doesn’t hurt.

Malwarebytes Blocking Malicious Website

Avoid visiting shady websites and use proper web protection tools. Malwarebytes is highly recommended in this regard because they maintain a massive database of compromised websites which are automatically blocked when you open them. Malwarebytes isn’t limited to Web-Protection and is served as a complete security package for your devices and computers and can be downloaded from here.

The MarioNet attack will be presented at The Network and Distributed System Security Symposium (NDSS) Conference today. The research paper can be seen in in PDF format from here.