On a typical PC, installed software has even more permissions than a browser ext... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dvdkon on Feb 4, 2024 \| parent \| context \| favorite \| on: Browser extensions are underrated: the promise of ... On a typical PC, installed software has even more permissions than a browser extension, and all any malware author has to do is write their own keylogger or upload the browser cookie database. Sure, it's a little more effort, but I think the only real advantage that malicious browser extensions have over native programs is the discoverability and auto-update Google and Mozilla give them "for free".

asjir on Feb 5, 2024 [–]

Wouldn't AV pick up uploading browser cookies?

dvdkon on Feb 5, 2024 | [–]

I don't know, it would simple enough to catch, but would also flag access by file managers. Probably the only way is to test. Generally I've found writing malware from scratch is enough to get it through AV, but I only tested on what I had installed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact