Mandiant has identified a novel method to bypass browser isolation technology and achieve command-and-control operations through QR codes.

Browser isolation is an increasingly popular security technology that routes all local web browser requests through remote web browsers hosted in a cloud environment or virtual machines.

Any scripts or content on the visited web page is executed on the remote browser rather than the local one. The rendered pixel stream of the page is then sent back to the local browser that made the original request, only displaying what the page looks like and protecting the local device from any malicious code. 

Many command and control servers utilize HTTP for communication, causing remote browser isolation to filter the malicious traffic and making these communication models ineffective.

The new technique by Mandiant attempts to bypass these restrictions, and though it has some practical limitations, it demonstrates that existing security protections in browsers are far from perfect, calling for "defense in depth" strategies that combine additional measures.

Background on C2s and browser isolation

C2 channels enable malicious communications between attackers and compromised systems, giving remote actors control over the breached device and the ability to execute commands, exfiltrate data, and more.

Because browsers constantly interact with external servers by design, isolation measures are activated to prevent attackers from accessing sensitive data on the underlying system in security-critical environments.

ks attackers from directly accessing the HTTP responses or injecting malicious commands into the browser, making covert C2 communications more difficult.

Mandiant's bypass trick

Mandiant researchers have devised a new technique that can bypass existing isolation mechanisms in modern browsers.

Instead of embedding commands in HTTP responses, the attacker encodes them in a QR code displayed visually on a webpage. As the visual rendering of a webpage is not stripped during browser isolation requests, the QR codes are able to make it back to the client initiating the request.

In Mandiant's study, the "victim's" local browser is a headless client controlled by malware that has previously infected the device, which captures the retrieved QR code and decodes it to get the instructions.

Mandiant's proof-of-concept demonstrates the attack on the latest Google Chrome web browser, integrating the implant through Cobalt Strike's External C2 feature, a widely abused pen-testing kit.

Not perfect

While the PoC shows the attack is feasible, the technique isn't flawless, especially considering real-world applicability.

First, the data stream is limited to a maximum of 2,189 bytes, which is roughly 74% of the maximum data QR codes can carry, and the packets need to drop in size even more if there are issues reading the QR codes on the malware's interpreter.

Second, latency needs to be taken into account, as each request takes approximately 5 seconds. This limits the data transfer rates to about 438 bytes/sec, so the technique is not suitable for sending large payloads or facilitating SOCKS proxying.

Finally, Mandiant says its study did not consider additional security measures like domain reputation, URL scanning, data loss prevention, and request heuristics, that may, in some cases, block this attack or render it ineffective.

Although Mandiant's QR-code-based C2 technique is low bandwidth, it could still be dangerous if not blocked. Therefore, admins in critical environments are recommended to monitor for abnormal traffic and headless browsers operating in automation mode.