“Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer’s login credentials with an attacker via Google Chrome and the SMB protocol.

This technique is not new, but a combination of two different techniques, one taken from the Stuxnet operation, and one detailed by a security researcher at the Black Hat security conference.”

Read more at the link below:

Source: You Can Steal Windows Login Credentials via Google Chrome and SCF Files

Share This
%d bloggers like this: