Several crypto wallets and other online services ask users to download recovery keys to access their accounts. The keys act as a backup in case the user loses access to the account for any reason. An attacker could take advantage by providing the user with a zip file containing a symlink instead of the actual recovery keys.
Google Chrome is a web browser used by netizens from across the world. A cyber security firm claims to have detected a vulnerability in Google Chrome and Chromium-based browsers which puts the data of over 2.5 billion users at risk.
In its blog post, the cyber security firm named Imperva Red has revealed the vulnerability, labelled ‘CVE-2022-365’, which allows the theft of sensitive files like crypto wallets and cloud provider credentials.
The blog points to a type of file called a ‘symlink’, which points to another file or directory. A symlink allows the operating system to treat the linked file or directory as if it were at the symlink's location.
The blog states that these symlinks can introduce vulnerabilities if not handled properly. The browser did not check whether the symlink was pointing to a location that was not intended to be accessible, allowing the theft of sensitive files.
Imperva Red has warned that an attacker could design a fake website posing as a crypto wallet service. This fake website can con the user into creating a new wallet on the pretext of asking them to download ‘recovery keys’.
According to the blog, the keys are nothing but a zip file containing a symlink to a sensitive file or folder on the user's computer. The website could be designed in such a way that it looks legitimate and the process of uploading and downloading the ‘recovery keys’ could seem normal.
Several crypto wallets and other services usually ask users to download recovery keys to access their accounts, which are a backup in case the user loses access to the account. But an attacker can misuse this by handing out a zip file containing a symlink to the user instead of actual recovery keys. If uploaded, the attacker can access the sensitive files on the user's computer by processing the symlink.
Hackers target individuals and organisations holding cryptocurrencies as these digital assets can be highly valuable. The blog suggests keeping software up to date and not downloading files from malicious sources.
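A defender-side check for the kind of archive described above, as an added example that is not taken from the Imperva blog or this article: it lists any symlink entries in a zip file before anything is extracted or uploaded. The sample archive, its file names and the link targets are constructed placeholders, and the check assumes the archive was created on a Unix-like system, where the file mode is stored in the entry's external attributes.

```python
import io
import stat
import zipfile


def find_symlink_entries(zip_bytes):
    """Return [(entry_name, link_target, leaves_archive)] for each symlink entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix-created archives keep st_mode in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if not stat.S_ISLNK(mode):
                continue
            # For a symlink entry the stored "content" is the link target path.
            target = zf.read(info).decode("utf-8", errors="replace")
            # Absolute targets or ".." components point outside the extracted folder.
            leaves_archive = target.startswith("/") or ".." in target.split("/")
            found.append((info.filename, target, leaves_archive))
    return found


def _add_symlink(zf, name, target):
    """Store a symlink entry the way Unix zip tools do (used only for the sample)."""
    entry = zipfile.ZipInfo(name)
    entry.create_system = 3  # 3 = Unix
    entry.external_attr = (stat.S_IFLNK | 0o777) << 16
    zf.writestr(entry, target)


def build_sample_archive():
    """Constructed sample: one regular file and two symlink entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Keep this file safe.")
        # Placeholder target standing in for a sensitive file on the user's machine.
        _add_symlink(zf, "recovery.key", "/home/user/.example/credentials")
        # Harmless link that stays inside the archive, for contrast.
        _add_symlink(zf, "notes.lnk", "README.txt")
    return buf.getvalue()


if __name__ == "__main__":
    for name, target, leaves in find_symlink_entries(build_sample_archive()):
        verdict = "points outside the archive" if leaves else "stays inside"
        print(f"symlink entry {name!r} -> {target!r} ({verdict})")
```

A genuine recovery-key download should contain only regular files, so any entry reported here is a reason not to upload the extracted contents back to a website.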