new | show | ask | jobs Github

free_bip a day ago

Is the use of WebAssembly going to make spotting these malicious extensions harder?

▲

pyrolistical a day ago | parent [-]

Probably not. All side effects need to go through the js side. So you can alway see where http calls are made

▲

x-complexity a day ago | parent [-]

> Probably not. All side effects need to go through the js side. So you can alway see where http calls are made

That can be circumnavigated by bundling the conversations into one POST to an API endpoint, along with a few hundred calls to several dummy endpoints to muddy the waters. Bonus points if you can make it look like an normal-passing update script.

It'll still show up in the end, but at this point your main goal is to delay the discovery as much as you can.

	▲	g947o 20 hours ago \| parent [-]
		As soon as you hijack the fetch function (which cannot be done with WebAssembly alone), it's going to look suspicious, and someone who looks at this carefully enough will flag it.