Last Updated: 2023-04-09 08:57:22 UTC
by Didier Stevens (Version: 1)
When Johannes mentioned on the Stormcast that 3CX's trojanized installer was blocked by Google Chrome, I remembered a feature I don't often use.
Here you see the 3CX installer download blocked in Chrome:
Your only option is to click Discard (the up-arrow symbol offers no extra options).
But if you have this Discard option, then you can unblock the download in the Download Tab (menu entry Downloads):
And there you have the option to keep the file:
You have to confirm:
And then you can get the file from your Downloads folder (or whatever folder you selected).
This doesn't work for malware detected by an anti-virus (then you have no Discard option), like the EICAR file:
I rarely use this trick, because I usually download malicious or suspicious files from the command-line.
But sometimes when I have to use a browser (in a sandbox), I will use this feature.