
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

“Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an analysis.

The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as TA413, which has been previously attributed to attacks against the Tibetan diaspora by leveraging COVID-themed lures to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance.

The researchers said the attacks were detected in January and February 2021, a pattern that has continued since March 2020.

The infection chain begins with a phishing email impersonating the “Tibetan Women’s Association” using a TA413-linked Gmail account that’s known to masquerade as the Bureau of His Holiness the Dalai Lama in India.

The emails contain a malicious URL, supposedly a link to YouTube, when in fact, it takes users to a fake “Adobe Flash Player Update” landing page where they are prompted to install a Firefox extension that Proofpoint calls “FriarFox.”

For its part, the rogue extension — named “Flash update components” — disguises itself as an Adobe Flash-related tool, but the researchers said it’s largely based on an open-source tool named “Gmail Notifier (restartless)” with significant alterations that add malicious capabilities, including incorporating modified versions of files taken from other extensions such as Checker Plus for Gmail.

The timing of this development is no coincidence, as Adobe officially began blocking Flash content from running in browsers starting January 12. The rich multimedia format reached end-of-life on December 31, 2020.

Interestingly, it appears that the operation is targeting only users of the Firefox browser who are also logged in to their Gmail accounts: the add-on is never delivered when the URL in question is visited on a browser such as Google Chrome, or when the access happens via Firefox but the victims don’t have an active Gmail session.

“In recent campaigns identified in February 2021, browser extension delivery domains have prompted users to ‘Switch to the Firefox Browser’ when accessing malicious domains using the Google Chrome Browser,” the researchers said.

Besides having access to browser tabs and user data for all websites, the extension comes equipped with features to search, read, and delete messages and even forward and send emails from the compromised Gmail account.
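As an added defensive example (not from the article or Proofpoint's analysis), the script below audits a Firefox profile's `extensions.json` for active extensions that combine the `tabs` permission with all-sites host access, the capability pair described above, or that carry a Flash/Adobe-themed name. The field names are assumed to follow Firefox's `extensions.json` layout, and the sample records with their `.invalid` IDs are constructed.

```python
import json

# Assumption: field names follow the layout of Firefox's profile extensions.json.
# "Access browser tabs" maps to the tabs permission; "data for all websites"
# maps to an all-sites host pattern such as <all_urls>.
BROAD_ORIGINS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
LURE_WORDS = ("flash", "adobe")  # naming lure reported in the article


def audit_addons(extensions_json):
    """Return active extensions that warrant manual review, worst first."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension" or not addon.get("active"):
            continue  # themes, dictionaries and disabled add-ons run no code
        perms = addon.get("userPermissions") or {}
        granted = set(perms.get("permissions") or []) | set(perms.get("origins") or [])
        name = (addon.get("defaultLocale") or {}).get("name", "")
        reasons = []
        if "tabs" in granted and granted & BROAD_ORIGINS:
            reasons.append("tabs + all-sites access")
        if any(word in name.lower() for word in LURE_WORDS):
            reasons.append("Flash/Adobe-themed name")
        if reasons:
            findings.append({"id": addon.get("id"), "name": name, "reasons": reasons})
    return sorted(findings, key=lambda f: -len(f["reasons"]))


# Constructed sample records (IDs are placeholders, not real indicators).
SAMPLE = json.dumps({"addons": [
    {"id": "reader@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Page Reader"},
     "userPermissions": {"permissions": ["tabs"], "origins": ["*://*/*"]}},
    {"id": "flash-update@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Flash update components"},
     "userPermissions": {"permissions": ["tabs", "storage"], "origins": ["<all_urls>"]}},
    {"id": "notes@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Quick Notes"},
     "userPermissions": {"permissions": ["storage"], "origins": []}},
    {"id": "dark@example.invalid", "type": "theme", "active": True,
     "defaultLocale": {"name": "Flash Dark Theme"}, "userPermissions": None},
]})

if __name__ == "__main__":
    for finding in audit_addons(SAMPLE):
        print(finding["id"], finding["name"], finding["reasons"])
```

Many legitimate extensions request the same permission pair, so a permission-only hit is a prompt for review rather than a verdict; the combination with a Flash-themed name is what ranks an entry first.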

FriarFox also contacts an attacker-controlled server to retrieve a PHP and JavaScript-based payload called Scanbox.

Scanbox is a reconnaissance framework that enables attackers to track visitors to compromised websites, capture keystrokes, and harvest data that could be used to enable follow-on compromises. It has also been reported to have been modified in order to deliver second-stage malware on targeted hosts.

Campaigns using Scanbox were previously spotted in March 2019 by Recorded Future targeting visitors to the website of Pakistan’s Directorate General of Immigration and Passports (DGIP) and a fake typosquatted domain claiming to be the official Central Tibetan Administration (CTA).

The introduction of the FriarFox browser extension in TA413’s arsenal points to APT actors’ “insatiable hunger” for access to cloud-based email accounts, says Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection.

“The complex delivery method of the tool […] grants this APT actor near total access to the Gmail accounts of their victims, which is especially troubling as email accounts really are among the highest value assets when it comes to human intelligence,” DeGrippo noted.

“Almost any other account password can be reset once attackers have access to someone’s email account. Threat actors can also use compromised email accounts to send email from that account using the user’s email signature and contact list, which makes those messages extremely convincing.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
