Y
Hacker News
new
|
ask
|
show
|
jobs
by
tocomment
4818 days ago
What I'm not getting is how a running executable can log into a website and initiate a transaction. It won't have your password right? Or is it just a keylogger to catch your password?
1 comments
dariopy
4818 days ago
Like your regular XSRF, it relies on the user already being logged in some browser tab.
It probabley has a keylogger too.
link
It probabley has a keylogger too.