SEBUA

Social Engineering Browser Update Attack.

License: MIT


Created by myself and MalwareMonster.

⚠️ Warning: Only use this software according to your current legislation. Misuse of this software can raise legal and ethical issues which I don't support nor can be held responsible for.

Description

SEBUA stands for 'Social Engineering Browser Update Attack'. The attack requires user interaction and is highly deceptive.

How it Works

  • Browser Detection: SEBUA detects the browser type (Chrome, Firefox, or Edge).
  • Data Injection: Uses document.write in JavaScript to inject data into the webpage.
  • UI Deception: Displays an overlay mimicking the official browser download page.
  • Fake Update Prompt: Demands an update to view content, triggering a download when the 'Update' button is clicked.
  • Post-Download Behavior: Sets a key in the browser's localStorage so the overlay does not reappear after the binary has been executed.
  • End Result: Ideally leads to a beacon after the binary is executed.
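For defenders reviewing third-party or injected scripts, the behaviours listed above can be used as static triage signals. The following is an added example, not code from SEBUA or its authors: the signal patterns, the threshold and both sample scripts are assumptions constructed for illustration. It matches only what is visible in the script source, so markup hidden by obfuscation shows up solely through the decoder-fed document.write signal.

```javascript
// Added defensive example (not SEBUA code): static triage of a script's source
// for the behaviour combination the README lists. Patterns and the threshold
// are assumptions chosen for illustration, not a complete detector.
const SIGNALS = [
  // Browser fingerprinting used to pick which vendor page to imitate
  { name: "ua-sniffing", re: /navigator\.userAgent(Data)?\b/ },
  // Page content written at runtime instead of shipped as reviewable markup
  { name: "document-write", re: /document\.write(ln)?\s*\(/ },
  // document.write fed directly by a decoder: the markup is hidden from review
  { name: "decoded-write",
    re: /document\.write(ln)?\s*\(\s*(atob|unescape|decodeURIComponent|String\.fromCharCode)\s*\(/ },
  // Persistent flag that can suppress the overlay on later visits
  { name: "localstorage-flag", re: /localStorage\.setItem\s*\(/ },
];

// Assumption: three or more co-occurring signals warrant manual review.
const THRESHOLD = 3;

// Returns the names of the matched signals and whether the script crosses the threshold.
function triageScript(source) {
  const hits = SIGNALS.filter((s) => s.re.test(source)).map((s) => s.name);
  return { hits, suspicious: hits.length >= THRESHOLD };
}

// Constructed sample: inert fragments with a placeholder key and a dummy
// encoded string ("QUJD" decodes to "ABC"); it renders no overlay.
const CONSTRUCTED_SUSPECT = [
  "var isEdge = /Edg\\//.test(navigator.userAgent);",
  'if (!localStorage.getItem("PLACEHOLDER_KEY")) {',
  '  document.write(atob("QUJD"));',
  '  localStorage.setItem("PLACEHOLDER_KEY", "1");',
  "}",
].join("\n");

// Constructed sample: ordinary preference storage plus a logged user agent.
const CONSTRUCTED_BENIGN = [
  'localStorage.setItem("theme", "dark");',
  "console.log(navigator.userAgent);",
].join("\n");

console.log(triageScript(CONSTRUCTED_SUSPECT));
console.log(triageScript(CONSTRUCTED_BENIGN));
```

A hit means "review this script", not a verdict; legitimate pages use each of these APIs individually, which is why the heuristic keys on their combination.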

Examples

[Screenshots: Chrome, Firefox and Edge overlays]

Additional Information

The primary component is the payload.js file. To create this payload:

  1. Use document.write with obfuscated HTML in payload.js.
  2. Employ html-obfuscator for obfuscation and de-obfuscation.

Credits & Resources