Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
gruez
7y ago
0 comments
Save
Share
If the attacker manages to get malware on the mac, they can also wait for you to do a login, and steal your 2fa code as you enter it.
0 comments
2 comments · 1 top-level
top
newest
oldest
ViViDboarder
7y ago
· 1 in thread
Or just steal your session tokens. Not all apps are secure enough to prevent session roaming.
dwaite
7y ago
Or just remote drive your session. Token exfiltration isn't required if you can do XSS or say script injection via browser extensions (and exfiltration is more likely to hit anomaly/fraud detection)
j
/
k
navigate · click thread line to collapse
