Jump to content

MarioNet attack


Recommended Posts

I'm reading this article from ZDnet called:
New browser attack lets hackers run bad code even after users leave a web page

It describes a neat MarioNet attack. (neat from an attacker point of view)



The attack routine consists of registering a service worker when the user lands on an attacker-controlled website and then abusing the Service Worker SyncManager interface to keep the service worker alive after the user navigates away.

The attack is silent and doesn't require any type of user interaction because browsers don't alert users or ask for permission before registering a service worker. Everything happens under the browser's hood as the user waits for the website to load, and users have no clue that websites have registered service workers as there's no visible indicator in any web browser.


So am I protected using my EMSIsoft?

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...