🔒 [ANTI-MALWARE LOGIN: A Secure Login Innovation Against Malicious Extension Threats] 🔒


Over the past while, I ran a security experiment and found that malware built as a Chrome Extension can be very dangerous.



📌 I managed to build an add-on-based keylogger that:

  • Can run without the user noticing
  • Records logins when accessing sensitive applications such as KlikBCA
  • Is not detected through the Network tab in DevTools
  • Comes back free of malware on a VirusTotal scan

⚠️ This shows how vulnerable an ordinary login form in a desktop browser is to malicious extensions.

💡 So I tried building a prototype, Anti-Malware Login v2: a login system that resists data theft via extensions. Here are the technologies I used:


6 Layers of Security:

  • Virtual Keyboard: Input does not go through an ordinary <input> form field, so an extension keylogger cannot read the keystrokes.


  • Hidden Decoy Inputs: Creates fake inputs to mislead spyware that reads from the DOM.


  • Client-side AES Encryption (CBC Mode): Username & password are encrypted before being sent to the server, protected by a combination of Client Secret + Session Token.


  • Session-based CSRF Token: A unique token is generated per session to prevent CSRF attacks.


  • Anti-Debugging Features: Blocks F12, Ctrl+U, and signs of DevTools inspection.


  • Input Stored in Memory (not the DOM): No sensitive data is written to the HTML; it exists only in JavaScript memory.
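
Added example (not the author's prototype code) sketching the client-side AES-CBC layer from the list above, with Node's built-in `crypto` module playing both the browser and the server so it runs in one file. It goes beyond the post by adding an HMAC over the ciphertext, since CBC alone does not detect tampering; the HKDF key derivation, payload layout and sample secrets are assumptions.

```javascript
// Added example, not the author's code. Key derivation, payload layout and
// sample values are assumptions made for illustration.
const nodeCrypto = require('crypto');

// Bind both keys to one session: Client Secret is the key material,
// Session Token the salt, so a captured blob fails in any other session.
function deriveKeys(clientSecret, sessionToken) {
  const okm = Buffer.from(nodeCrypto.hkdfSync(
    'sha256', clientSecret, sessionToken, 'anti-malware-login', 64));
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function mac(macKey, iv, ct) {
  return nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

// Client side: AES-256-CBC with a fresh random IV, then HMAC over IV + ciphertext.
function sealCredentials(username, password, clientSecret, sessionToken) {
  const { encKey, macKey } = deriveKeys(clientSecret, sessionToken);
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify({ username, password }), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, mac(macKey, iv, ct), ct]).toString('base64');
}

// Server side: verify the tag in constant time BEFORE decrypting, because
// unauthenticated CBC is malleable and invites padding-oracle probing.
function openCredentials(blob, clientSecret, sessionToken) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 64) return null; // 16 IV + 32 tag + at least one block
  const iv = raw.subarray(0, 16);
  const tag = raw.subarray(16, 48);
  const ct = raw.subarray(48);
  const { encKey, macKey } = deriveKeys(clientSecret, sessionToken);
  if (!nodeCrypto.timingSafeEqual(tag, mac(macKey, iv, ct))) return null;
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample values.
const CLIENT_SECRET = 'demo-client-secret';
const SESSION_TOKEN = 'demo-session-token-1';
const blob = sealCredentials('alice', 'S3cret!', CLIENT_SECRET, SESSION_TOKEN);
console.log(openCredentials(blob, CLIENT_SECRET, SESSION_TOKEN));
console.log(openCredentials(blob, CLIENT_SECRET, 'demo-session-token-2'));
```

Any secret shipped to the browser is readable by code running in the page, so this layer protects the credential blob after it leaves the page, not the keys themselves.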


🛡️ The result: Malicious extensions cannot access the real input, and are even fooled by the fake form. This is not a perfect solution, but it greatly strengthens the security layers at login.

📱 Additional note: The mobile version of the Chrome browser is safer from this attack because it does not support add-ons/extensions.


🔍 I will cover solutions for developers (best practices for keeping login forms secure) in a separate article.

🚫 Don't carelessly install extensions from the Chrome Web Store. Validate, audit, and minimize unnecessary add-ons.

If you're interested in web application security and explorations like this, feel free to connect & share your thoughts.

#cybersecurity #websecurity #frontendsecurity #malwareprotection #virtualkeyboard #infosec #OWASP #linkedinposting
