Master of web puppets: abusing web browsers for persistent and stealthy

Aside | Posted on by

Master of web puppets: abusing web browsers for persistent and stealthy

If the user permits the publishing site to send push notifications, then it is even possible to have the service worker restart when the browser is restarted. If the user allows the distributor to send push notifications (more likely perhaps when the servant is distributed via a compromised site the user trusts), then MarioNet can send asynchronous notifications and updates to its service workers to re-activate them after browser restarts. The Puppeteer would simply need to periodically send a list of online links to visit…

MarioNet works across a wide range of modern desktop and mobile browsers, although in the evaluation Service Worker performance on Safari was found to be very poor (presumably Apple will improve this over time?)

Source: blog.acolyer.org