LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   If a browser is hijacked, can the hijacker install keyloggers? (https://www.linuxquestions.org/questions/linux-newbie-8/if-a-browser-is-hijacked-can-the-hijacker-install-keyloggers-4175686278/)

blooperx3 12-04-2020 01:46 PM

If a browser is hijacked, can the hijacker install keyloggers?
 
Or would they need more access than just hijacking the browser?

I've read that once I restart my desktop after closing the tabs where the hijacking took place, my browser is no longer being hijacked.

If they could install keyloggers while hijacking my browser, would the keyloggers also be gone after restarting the computer?

I have to admit I need to read more about keyloggers.

jefro 12-04-2020 02:34 PM

In general I'd say that anytime a hacker gets their foot in the door anything can happen.

boughtonp 12-04-2020 04:28 PM

It depends: define "hijacked".

If it's just a piece of JavaScript that doesn't exploit browser bugs, it will stop when the tab/browser is closed.

But if a cracker finds a browser bug which allows them to execute code outside the browser sandbox, all bets are off.

Restarting the desktop would be unnecessary for the former, but may have no impact for the latter.
If you think a machine is compromised, disconnecting from the network is more important than restarting, (and changing auth for any potentially compromised accounts).


blooperx3 12-04-2020 06:29 PM

Quote:

Originally Posted by boughtonp (Post 6191788)
It depends: define "hijacked".

If it's just a piece of JavaScript that doesn't exploit browser bugs, it will stop when the tab/browser is closed.

But if a cracker finds a browser bug which allows them to execute code outside the browser sandbox, all bets are off.

Restarting the desktop would be unnecessary for the former, but may have no impact for the latter.
If you think a machine is compromised, disconnecting from the network is more important than restarting, (and changing auth for any potentially compromised accounts).

Let's say they know this is my Linux account. They figure out the password, go into it and put code somewhere whereby, when I log into the account, they are on my browser and have full access as if they were connecting to my computer via a remote access trojan.

But with a RAT, I've read that they are not able to put something permanent on the OS.

sgosnell 12-04-2020 06:53 PM

How are they figuring out the password? Are you so clueless as to use an easily guessable password? With your user password and sudo active, anyone can do anything. With the root password, anyone can do anything. Change your password regularly, use reasonably complex passwords, and you shouldn't need to worry much. Targeting an individual computer running Linux is not a profitable enterprise. Why would anyone go to the trouble of hacking into your computer and installing a keylogger? There has to be a high reward for such effort in order for anyone to even try it. I take reasonable precautions, but I don't lie awake nights worrying about someone trying to take over my computer. There just isn't enough value in it to make it worthwhile. Any sites with value attached, such as banks, Google, etc. have two-factor authentication enabled, so even a keylogger won't gain access. All passwords are in my password safe, and I copy/paste those.

jefro 12-04-2020 08:28 PM

There is usually an annual hack event where groups try to exploit common desktop systems. Some years the hackers do it by gaining access via browser. They have done it by scripts, java and images and maybe a few other ways.

sgosnell 12-04-2020 09:34 PM

I don't claim that it's impossible, only that it's not worth attempting barring unusual circumstances. I'm one of billions of computers connected to the internet. Someone would need a serious reason to target me, and there are so many Windows computers which are much easier targets.

ondoho 12-05-2020 01:38 AM

Quote:

Originally Posted by jefro (Post 6191855)
Some years the hackers do it by gaining access via browser. They have done it by (...) images

Saying one can be hacked by images (meaning graphic image files like JPG) is a misleading simplification. "Through images" might be acceptable. An image file is passive. It might contain malicious code, but it doesn't actively hack you, even if you open it in an image viewer.

There have been cases where malicious code was hidden in image metadata which might then get executed by software reading & interpreting this metadata, IIRC.
A very specific hack. I cannot find the relevant news item now, but IIRC it was specific to GNOME and mostly harmless.

ondoho 12-05-2020 01:48 AM

Quote:

Originally Posted by boughtonp (Post 6191788)
But if a cracker finds a browser bug which allows them to execute code outside the browser sandbox, all bets are off.

This is the relevant bit. This is why we keep our browsers & operating systems up-to-date.
But by design, browsers allow javascript execution only in a sandbox. My guess is that this sandbox is page specific, i.e. it can't even look inside another page, so what you describe below should not be possible.
Quote:

Originally Posted by blooperx3 (Post 6191827)
Let's say they know this is my linux account. They figure out the password and go into it and put code somewhere whereby when i log into the account, they are on my browser and have full access as if they were connecting to my computer via a remote access trojan.

In any case, even the premise "they know this is my linux account" seems very unlikely. What's a "linux account"? Who are "they", and how do "they know"?

Quote:

But with a RAT, i've read that they are not able to put something permanent on the OS.
I have no idea what a RAT is and I have never been hacked (famous last words :D).

Generally speaking, sane browsing habits require:
  • regularly cleaning out local data & storage
  • using a safe password vault/manager
  • allowing javascript and 3rd party requests only selectively, on trusted sites
Of course, "trust" is tricky and never absolute.
Let's say, I wouldn't trust certain sites some spammers post. Meaning I would not click those links except _maybe_ in Tor Browser.
But for most sites: I do not trust them with my personal data, but I would trust them to not contain malicious code.
...ymmv...

JJJCR 12-05-2020 02:57 AM

https://irishtechnews.ie/a-quick-fix...ser-hijacking/

Quote:

Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.
Source: https://en.wikipedia.org/wiki/Browser_hijacking

With that said, it's better to check your system with a good anti-virus or check for any port activity that is suspicious.

Like, close your browser and other running applications.

Then do a netstat for any activity.

Not sure though if this method is quite helpful.
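The netstat check suggested above can be made a little more useful by filtering for sockets that no expected process owns. The script below is an added example, not something posted in the thread; it reads `ss -tunap` output (the iproute2 replacement for `netstat -tunap`) and prints every established or listening socket whose owning process is missing or not on an allowlist you supply. The sample output, addresses, PIDs and the `python3` connection to port 4444 are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not posted in the thread. Filters `ss -tunap` output down to
# established or listening sockets whose owning process is not on an allowlist.
# On a live box: close the browser, then run `ss -tunap | flag_unexpected "firefox sshd"`.

# $1: space-separated allowlist of process names you expect to hold sockets.
# stdin: `ss -tunap` output, header line included.
# Prints "STATE LOCAL PEER PROCESS" for every ESTAB/LISTEN socket whose owning
# process is missing (another user's socket when ss runs unprivileged) or not
# allowlisted.
flag_unexpected() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                              # skip the column header
        $2 != "ESTAB" && $2 != "LISTEN" { next }      # ignore UNCONN, TIME-WAIT, ...
        {
            proc = "(none)"
            # The Process column looks like users:(("firefox",pid=2210,fd=88))
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            if (!(proc in ok)) print $2, $5, $6, proc
        }'
}

# Constructed sample in the layout `ss -tunap` prints; nothing here comes from
# a real machine.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
tcp   ESTAB  0      0      192.168.1.10:44312   203.0.113.5:443    users:(("firefox",pid=2210,fd=88))
tcp   LISTEN 0      128    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
tcp   ESTAB  0      0      192.168.1.10:51002   198.51.100.7:4444  users:(("python3",pid=3391,fd=5))
udp   UNCONN 0      0      0.0.0.0:68           0.0.0.0:*          users:(("dhclient",pid=640,fd=6))
tcp   LISTEN 0      5      127.0.0.1:6000       0.0.0.0:*'

# Demo on the constructed sample: reports the python3 connection and the
# port-6000 listener with no visible owner.
printf '%s\n' "$SAMPLE" | flag_unexpected "firefox sshd"
```

Run it as root (or with `CAP_NET_ADMIN`) so `ss -p` can attribute every socket; an unattributed listener is worth a look on its own, which is why the filter reports `(none)` rather than skipping it. An empty result after the browser is closed says nothing about malware that only phones home on a timer, so repeat the check a few times rather than once.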

boughtonp 12-05-2020 08:25 AM

Quote:

Originally Posted by blooperx3 (Post 6191827)
Let's say they ... have full access as if they were connecting to my computer via a remote access trojan.

But with a RAT, i've read that they are not able to put something permanent on the OS.

Full access means full access.

Restarting basically clears RAM.

Unless you have a read-only Live system (with no writable drives/storage attached at all) then full access allows persistent malware, irrespective of how the access was originally gained.

Restarting does not prevent remote access. Physically disconnecting compromised machines from the network prevents remote access.
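The point above is that anything written to disk survives a restart, and an attacker with only your user account has several places to write to without ever touching root. The script below is an added example, not something posted in the thread; it lists launch entries in the user-writable locations a reboot does not clear (XDG autostart, systemd user units, shell rc files). The sample home directory it builds, and the paths and file names in it, are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not posted in the thread. Lists launch entries in the
# user-writable locations that survive a reboot: XDG autostart, systemd user
# units and shell rc files. Needs no root, so it finds exactly what someone
# holding only your user account could have planted.

# $1: home directory to inspect (defaults to $HOME).
# Prints one "relative/path: command" line per entry found.
audit_user_persistence() {
    home="${1:-$HOME}"
    # XDG autostart: every .desktop file here is started at desktop login.
    for f in "$home"/.config/autostart/*.desktop; do
        [ -f "$f" ] || continue
        rel="${f#"$home"/}"
        sed -n "s|^Exec=|$rel: |p" "$f"
    done
    # systemd user units: enabled services start at login, desktop or not.
    for f in "$home"/.config/systemd/user/*.service; do
        [ -f "$f" ] || continue
        rel="${f#"$home"/}"
        sed -n "s|^ExecStart=|$rel: |p" "$f"
    done
    # Shell rc files: backgrounded, nohup'd or setsid'd commands run on every
    # new shell; legitimate rc files rarely need them.
    for f in "$home"/.bashrc "$home"/.bash_profile "$home"/.profile "$home"/.zshrc; do
        [ -f "$f" ] || continue
        rel="${f#"$home"/}"
        grep -nE '(^|[[:space:]])(nohup|setsid)[[:space:]]|&[[:space:]]*$' "$f" | sed "s|^|$rel:|"
    done
}

# Builds a throwaway home directory with constructed (fake) entries so the
# audit can be demonstrated offline; prints its path.
make_sample_home() {
    d="$(mktemp -d)"
    mkdir -p "$d/.config/autostart" "$d/.config/systemd/user"
    printf '[Desktop Entry]\nType=Application\nName=Updater\nExec=/home/user/.cache/.u/agent --quiet\n' \
        > "$d/.config/autostart/updater.desktop"
    printf '[Service]\nExecStart=/usr/bin/python3 /tmp/.x/kl.py\n[Install]\nWantedBy=default.target\n' \
        > "$d/.config/systemd/user/kl.service"
    printf 'export PATH=$HOME/bin:$PATH\nnohup /tmp/.x/kl.py >/dev/null 2>&1 &\nalias ll="ls -l"\n' \
        > "$d/.bashrc"
    printf '%s\n' "$d"
}

# Demo on the constructed home; on a real system call audit_user_persistence
# with no argument.
sample="$(make_sample_home)"
audit_user_persistence "$sample"
rm -rf "$sample"
```

This covers only file-based, user-level locations; `crontab -l`, `systemctl --user list-unit-files --state=enabled` and, with root, `/etc/cron.*`, `/etc/systemd/system` and `/etc/rc.local` are the next places to look. An entry showing up here is not proof of compromise (desktop environments install autostart files legitimately), but every line should be something you can explain.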


sgosnell 12-05-2020 09:25 AM

Google, and perhaps Mozilla, offer handsome bounties to anyone who can show that they've compromised their browser, far more than they would get from shaking down private users. They don't pay out much. There are many very competent security experts working hard every day to prevent that sort of thing. Taking over a modern browser is very hard. That's why updates come along so often - as security issues are found, they're patched, and people are constantly searching. Having random hackers take over your browser and install keyloggers is not a realistic threat. If a specific government entity wants to do it, it's perhaps possible, but that entity would need a reason. Keyloggers are not being installed on random home computers. And again, it's very hard to do this. The only really viable way to do this is to gain physical possession of the machine for the necessary time. Breaking into your house while you're gone is far easier and more reliable than trying to gain entry through your browser.

blooperx3 12-05-2020 05:06 PM

Thanks for all the responses...

In one of my social media accounts that I rarely ever use, I had a complex password there for a very long time (a couple of years). Someone got into the account and put something there - my guess would be a script, but I don't know much about code/malware.

So when I logged in they got on to my computer shortly thereafter, with no question they were on. But before I logged into that account they were not on; after I restarted and shut the tab/logged out of the social media account, they did not get back on.

But when it comes to putting keyloggers on my desktop, with the kind of access described, can they do that?

A good question is: how long would it take to install keyloggers with this kind of access to the computer? If it would take 15 minutes vs 3 minutes, that would tell me a lot, like whether or not they could do it based on how long I have my browser open at one time - which is usually not a long time.

ondoho 12-06-2020 03:40 AM

Quote:

Originally Posted by blooperx3 (Post 6192136)
Someone got into the account and put something there - my guess would be a script, but i don't know much about code/malware.

So when i logged in they got on to my computer shortly thereafter with no question they were on. But before i logged into that account they were not on; after i restarted and shut the tab/logged out for social media account, they did not get back on.

The last sentence is the most relevant bit.
I question everything you wrote before that. You cannot "put a script into an account" where it then gets executed when you log in.
If anything, I'd say the whole site where the account resides was compromised. Or you used the same password elsewhere.

You have changed the password since, right?!?!

Without more information it's impossible to say more; it's just another of those threads: "conspiracy myth 1, therefore I got hacked, therefore conspiracy myth 2".
As you see, I'm even questioning that you got hacked in the first place.

Where's the technical analysis?

sgosnell 12-06-2020 09:03 AM

There is, to me, absolutely a question of whether 'they' were on your computer. Running JavaScript from a website is not the same thing. JavaScript is running on almost every website, some more benign than others. Many websites simply won't function properly without it. But it's easy enough to prohibit JavaScript globally, and whitelist essential trusted sites if you feel the need. Just saying that there is no question someone was 'on your computer' does not make questioning it impossible, other than in one's own mind.

