Attackers deploy rogue proxies on computers to hijack HTTPS traffic
Security researchers have highlighted in recent months how the web proxy configuration in browsers and operating systems can be abused to steal sensitive user data. It seems that attackers are catching on.
A new attack spotted and analyzed by malware researchers from Microsoft uses Word documents with malicious code that doesn’t install traditional malware, but instead configures browsers to use a web proxy controlled by attackers.
In addition to deploying rogue proxy settings, the attack also installs a self-signed root certificate on the system so that attackers can snoop on encrypted HTTPS traffic as it passes through their proxy servers.
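A defender can check a machine for both artifacts described above. The following PowerShell is an added example, not code from the article or from Microsoft's analysis; it assumes a Windows host whose browsers follow the current user's system proxy settings, and the 30-day window is an arbitrary review threshold.

```powershell
# Added example: audit the two artifacts the article describes.
# Assumption: Windows host, browsers using the per-user system proxy settings.

# 1. Proxy configuration for the current user.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet

$proxy = [pscustomobject]@{
    ProxyEnable   = $p.ProxyEnable     # 1 = a static proxy is in use
    ProxyServer   = $p.ProxyServer     # host:port of the static proxy
    AutoConfigURL = $p.AutoConfigURL   # PAC script location, if any
}
$proxy | Format-List

if ($proxy.ProxyEnable -eq 1 -or $proxy.AutoConfigURL) {
    Write-Warning 'A proxy or PAC script is configured; confirm your organization deployed it.'
}

# 2. Trusted root certificates that deserve a manual look.
# Index the machine-wide roots so per-user additions stand out.
$machineRoots = @{}
Get-ChildItem -Path Cert:\LocalMachine\Root |
    ForEach-Object { $machineRoots[$_.Thumbprint] = $true }

# NotBefore is the start of the certificate's validity, not its install time,
# so a recent value is only a hint that the certificate was freshly generated.
$cutoff = (Get-Date).AddDays(-30)   # arbitrary review window (assumption)

Get-ChildItem -Path Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Sort-Object -Property Thumbprint -Unique |
    ForEach-Object {
        $userOnly = -not $machineRoots.ContainsKey($_.Thumbprint)
        $recent   = $_.NotBefore -gt $cutoff
        if ($userOnly -or $recent) {
            [pscustomobject]@{
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
                SelfSigned = ($_.Subject -eq $_.Issuer)
                UserOnly   = $userOnly
            }
        }
    } | Format-Table -AutoSize -Wrap
```

Anything listed is a candidate for review rather than proof of compromise: enterprise proxies and internal certificate authorities produce the same output, so compare the results against a known-good baseline.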