
Chinese Hackers using Firefox plugin for spying

Cybersecurity researchers have uncovered a campaign of attacks by Chinese hackers targeting Tibetan activists via a new malicious Firefox extension.

The campaign, attributed to the allegedly Chinese state-sponsored hacking group TA413, targeted Tibetan dissidents. At its core was a malicious Firefox plug-in spread by an email address known for impersonating the Dalai Lama himself.

The reason Chinese state-sponsored hacking groups might want to target them is obvious. China controls the Tibetans, and the Tibetans aren’t happy about it, so Tibetan dissident groups exist. As you can imagine, the Chinese state really doesn’t like them.

TA413 is a hacking group aligned with Chinese Communist Party interests, if not directly state-controlled. There isn’t much out there about TA413, but they’ve been linked to the LuckyCat and ExileRAT malware.

It all started a few weeks ago, when Tibetan organizations began receiving phishing emails purporting to be from the Tibetan Women’s Association. All the emails were sent from a Gmail account with known links to the Chinese hacking group TA413 that has been observed in the past.

“Masquerading as Dalai Lama Representatives”

The emails all contained a URL impersonating YouTube (you-tube[.]tv). Upon clicking the link, victims would be taken to a fake “Adobe Flash Player Update” landing page prompting them to update their Adobe Flash Player and install a Firefox extension that Proofpoint calls “FriarFox.”

Adobe Flash is no longer supported on any platform, and Adobe has stopped providing security updates.

The hack only targeted Firefox users who were also logged into their Gmail account upon clicking the link. In cases where these conditions weren’t met, the victim was just redirected to YouTube.

The malicious extension, presented as “Flash update components,” disguises itself as an Adobe Flash-related tool, but it’s largely based on an open-source tool named “Gmail Notifier (restartless)”, with significant alterations that add malicious capabilities, including modified versions of files taken from other extensions such as “Checker Plus for Gmail”.

The security vendor explained that it had seen low-level phishing campaigns against the Tibetan diaspora since March 2020, but that these took another turn in the first two months of 2021 with the use of a customized malicious extension dubbed “FriarFox.”

After successful installation, and with all conditions met, the extension calls out to the hackers’ server, from which the victim downloads malware, specifically malware called ScanBox. ScanBox has been used primarily by Chinese hacking groups and has been in service since 2014, and this isn’t the first time it’s been used to target Tibetan organizations. It’s a reconnaissance framework used for logging keystrokes, monitoring computer activity and gathering as much data from the victim’s PC as it possibly can.
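A defender-side check for the pattern described above, added here as an example (it is not code from Proofpoint or from the original post): it audits a Firefox profile's `extensions.json` for active extensions that can reach Gmail but were not installed from addons.mozilla.org. The field names (`sourceURI`, `userPermissions.origins`) are assumed from the Firefox profile format and should be checked against your Firefox version; the sample data, add-on IDs and trusted-host policy are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a profile's extensions.json (not data from the campaign).
SAMPLE_EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "notifier@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Mail Notifier"},
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/n.xpi",
     "userPermissions": {"permissions": ["notifications"],
                         "origins": ["https://mail.google.com/*"]}},
    {"id": "flash-update@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Flash update components"},
     "sourceURI": "https://updates.example.invalid/flash.xpi",
     "userPermissions": {"permissions": ["tabs", "webRequest"],
                         "origins": ["*://*.google.com/*"]}},
    {"id": "theme@example.invalid", "type": "theme", "active": True,
     "defaultLocale": {"name": "Dark"}, "sourceURI": None, "userPermissions": None},
]})

TRUSTED_SOURCE_HOSTS = {"addons.mozilla.org"}  # assumption: local install policy
MAIL_HOST = "mail.google.com"

def origin_covers_host(pattern, host):
    # Minimal WebExtension match-pattern check: host part only, scheme/path ignored.
    if pattern == "<all_urls>":
        return True
    pat_host = pattern.split("://", 1)[-1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host

def audit(extensions_json):
    """Return (id, name, details) for active extensions that can touch Gmail
    and whose install source is missing or not a trusted host."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension" or not addon.get("active"):
            continue
        perms = addon.get("userPermissions") or {}
        hits = [o for o in perms.get("origins") or [] if origin_covers_host(o, MAIL_HOST)]
        src_host = urlparse(addon.get("sourceURI") or "").hostname
        if hits and src_host not in TRUSTED_SOURCE_HOSTS:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon["id"], name,
                             {"origins": hits, "source": src_host}))
    return findings
```

An extension whose display name has nothing to do with mail but whose granted origins cover Gmail, as in the second constructed entry, is the mismatch worth a closer look.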

It’s unclear exactly how many people were targeted in this campaign. The report was only released a few days ago.
