From helpnetsecurity.com
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of malicious actions, researchers from the Foundation for Research and Technology – Hellas and Stony Brook University are warning.
To prove their point, they’ve created MarioNet, a prototype framework that allows them to do just that. The hijacked resources could be used for unwanted and harmful operations such as cryptocurrency mining, distributed password-cracking, click-fraud, etc.