Many crypto wallets and online services require users to download recovery keys in order to log in to their accounts. These keys serve as a backup in the event that the user is unable to access the account for any reason. An attacker can take advantage of this by giving the victim a zip file that contains a symlink instead of the actual recovery keys.
Google Chrome is a web browser used by internet users across the globe. A new cyber security company claims to have found vulnerabilities in Google Chrome and Chromium-based browsers that put the data of more than 2.5 billion people at risk.
In its blog, the cyber security company, called Imperva Red, disclosed that the vulnerability is tracked as CVE-2022-365 and can expose sensitive data such as cloud wallets, crypto wallets, and provider credentials.
The blog refers to a type of file called a “symlink” (symbolic link), which points to another file or a directory. A symlink lets the operating system treat the linked file or directory as if it were located where the symlink is.
The blog mentions that symlinks can introduce vulnerabilities when they are not handled properly. The browser did not check whether a symlink pointed to a location that was not meant to be accessible, which could have led to access to sensitive data.
Imperva Red has warned that an attacker may create a fake website that pretends to provide a crypto wallet service. The fake website could trick users into creating a new wallet and ask them to download “recovery keys”.
According to the blog, these keys are nothing more than a zip file that contains a symlink to a sensitive file or folder on the user's computer. The site could be designed to look authentic, and the procedure to download and upload the “recovery keys” could appear normal.
Many crypto wallets and other services require users to download recovery keys in order to access their accounts. The keys serve as a backup in the event the user loses access to their account. However, attackers can abuse this process by giving the user a zip file that contains a symlink instead of the actual recovery keys. If it is uploaded, the attacker could gain access to private files on the user's computer when the symlink is processed.
Hackers target people and organizations that hold cryptocurrency because these digital assets are highly valuable. The blog recommends keeping your software up to date and avoiding downloads from untrusted sources.
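
One way to inspect a downloaded “recovery key” archive before unpacking or uploading anything from it, as an added example that is not code from the Imperva Red blog or from Chrome: it lists the symlink entries stored in a zip and flags those whose target leaves the archive's own folder. The function names, file names and link targets are hypothetical, and the sample archive is constructed in memory.

```python
import io
import posixpath
import stat
import zipfile

def find_symlink_entries(zip_bytes):
    """Return [(entry_name, link_target)] for each symlink stored in the zip."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix-style zips keep st_mode in the upper 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                # A symlink entry's stored data is the path it points to.
                target = zf.read(info).decode("utf-8", errors="replace")
                found.append((info.filename, target))
    return found

def escapes_archive(entry_name, target):
    """True if the link target resolves outside the archive's own tree."""
    if target.startswith("/"):
        return True
    resolved = posixpath.normpath(
        posixpath.join(posixpath.dirname(entry_name), target))
    return resolved == ".." or resolved.startswith("../")

def build_sample_archive():
    """Constructed sample input: one regular file and two symlink entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("recovery/readme.txt", "constructed sample\n")
        for name, target in [("recovery/recovery.key", "/placeholder/outside/file"),
                             ("recovery/latest.txt", "readme.txt")]:
            entry = zipfile.ZipInfo(name)
            entry.create_system = 3  # mark the entry as written on Unix
            entry.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(entry, target)
    return buf.getvalue()

if __name__ == "__main__":
    for name, target in find_symlink_entries(build_sample_archive()):
        verdict = "REJECT" if escapes_archive(name, target) else "review"
        print(f"{verdict}: {name} -> {target}")
```

A genuine recovery key has no reason to be a symlink at all, so any entry this reports deserves suspicion; the escape check only separates the clearly dangerous targets from the merely unusual ones.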