Skip to content
This repository has been archived by the owner on Dec 16, 2023. It is now read-only.

Commit

Permalink
Update post
Browse files Browse the repository at this point in the history
  • Loading branch information
@orf
orf committed Dec 18, 2019
1 parent 27169ad commit ba768a2
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions content/posts/google-image-malware/index.md
View file
Expand Up @@ -68,10 +68,11 @@ So the flow is pretty simple:
1. A user clicks an image that's hosted on `phonebookofgrenoble.xyz`
2. `phonebookofgrenoble.xyz` redirects the user (But *not* Google) to `milvarusso.com`
3. The user interacts with the page and accepts notifications
3. The user accepts notifications to view the image
4. A service worker is installed and will periodically send the user notifications in the background
5. The user clicks the notification, which opens a page that downloads an executable
6. The user runs the executable and is now infected
5. The user sees a os-native notification telling them "Your computer is infected"
6. They click it, which opens a page that downloads an executable. The page looks official and instructs them to run it
7. The user runs the executable and is now infected
This [is happening right now, and people are complaining about it](https://support.google.com/chrome/thread/2683736?hl=en).
Honestly it's pretty clever - Google image links are often the most ephemeral of all searches, you hit the random
Expand Down

0 comments on commit ba768a2

Please sign in to comment.