Thursday, April 15, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
in Internet Security
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Proofpoint

Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download malware on infected systems.

Special feature


Cyberwar and the Future of Cybersecurity

You might also like

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

ASIO boss says he’s not concerned with Australian Parliament’s March outage

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system


Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

The attacks, discovered by cybersecurity firm Proofpoint this month, have been linked to a group the company tracks under the codename of TA413.

Only Firefox users were targeted

Proofpoint said the attackers targeted Tibetan organizations with spear-phishing emails that lured members on websites where they’d be prompted to install a Flash update to view the site’s content.

These websites contained code that separated users. Only Firefox users with an active Gmail session were prompted to install the malicious add-on.

The Proofpoint team said that while the extension was named “Flash update components,” it was actually a version of the legitimate “Gmail notifier (restartless)” add-on, with additional malicious code. Per the research team, this code could abuse the following functions on infected browsers:

Gmail:

  • Search emails  
  • Archive emails  
  • Receive Gmail notifications  
  • Read emails  
  • Alter Firefox browser audio and visual alert features
  • Label emails  
  • Marks emails as spam  
  • Delete messages  
  • Refresh inbox  
  • Forward emails  
  • Perform function searches  
  • Delete messages from Gmail trash  
  • Send mail from the compromised account  

Firefox (based on granted browser permissions):

  • Access user data for all websites
  • Display notifications
  • Read and modify privacy settings
  • Access browser tabs

Firefox add-on also installed malware

But the attack didn’t stop here. Proofpoint said the extension also downloaded and installed the ScanBox malware on infected systems.

A PHP and JavaScript-based reconnaissance framework, this malware is an old tool seen in previous attacks carried out by Chinese cyber-espionage groups.

“Scanbox has been used in numerous campaigns since 2014 to target the Tibetan Diaspora along with other ethnic minorities often targeted by groups aligned with the Chinese state interests,” Proofpoint said in a report today.

The last recorded case of a ScanBox attack dates back to 2019 when Recorded Future reported attacks against visitors of Pakistani and Tibetan websites.

As for its capabilities, Proofpoint says ScanBox is “capable of tracking visitors to specific websites, performing keylogging, and collecting user data that can be leveraged in future intrusion attempts,” making this a dangerous threat to have installed on your systems.

Flash EOL might have helped attackers

In this particular campaign, which Proofpoint codenamed FriarFox, attacks began in January 2021 and continued throughout February.

Although hackers have been using fake Flash update themes for years and most users know to stay away from websites offering Flash updates out of the blue, these attacks are believed to have worked much better than previous ones.

The reason is that Adobe retired Flash Player at the end of 2020, and all Flash content stopped playing inside browsers on January 12, 2021, when Proofpoint also saw the first TA413 FriarFox campaigns targeting Tibetan organizations.

Credit: Zdnet

Previous Post

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Next Post

21 Must-Know Instagram Facts for 2021

Related Posts

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Internet Security

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

April 14, 2021
ASIO boss says he’s not concerned with Australian Parliament’s March outage
Internet Security

ASIO boss says he’s not concerned with Australian Parliament’s March outage

April 14, 2021
‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system
Internet Security

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

April 14, 2021
Microsoft April patch download covers 114 CVEs including new Exchange Server bugs
Internet Security

Microsoft April patch download covers 114 CVEs including new Exchange Server bugs

April 14, 2021
Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch
Internet Security

Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch

April 14, 2021
Next Post
21 Must-Know Instagram Facts for 2021

21 Must-Know Instagram Facts for 2021

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization
Machine Learning

Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization

April 14, 2021
Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021
Neural Networks

Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021

April 14, 2021
The Search Engine Land Awards are open: Wednesday’s daily brief
Digital Marketing

The Search Engine Land Awards are open: Wednesday’s daily brief

April 14, 2021
Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

IBM joins Eclipse Adoptium and offers free certified JDKs with Eclipse OpenJ9 – IBM Developer

April 14, 2021
Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Internet Security

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

April 14, 2021
Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves
Internet Privacy

Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves

April 14, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization April 14, 2021
  • Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021 April 14, 2021
  • The Search Engine Land Awards are open: Wednesday’s daily brief April 14, 2021
  • IBM joins Eclipse Adoptium and offers free certified JDKs with Eclipse OpenJ9 – IBM Developer April 14, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates