Tasken

The FriarFox extension gives hackers full access to the victim's Gmail and access to their data for all sites.

Specialists at the information security company Proofpoint have reported on a Chinese cybercrime group that hacks Gmail accounts using a browser extension.

The cybercrime group TA413 has been active for almost a decade and is usually associated by experts with the malware LuckyCat and ExileRAT, and its victims are mostly Tibetans. In early 2021, TA413 attempted to attack the Gmail accounts of organizations in Tibet with a malicious browser extension.

According to experts, in January-February of this year, the group delivered the FriarFox extension for the Firefox browser to the attacked computers, giving it control over the victims' Gmail mailboxes. The attacks also used the Scanbox and Sepulcher malware, which security experts had previously linked to TA413.

The attackers sent phishing emails to the victims with a link to a fake Adobe Flash Player update page that runs JavaScript code on the attacked systems. This code delivered the malicious FriarFox extension, but only if the link was opened via Firefox.

Once installed, the extension gave attackers full control over the victim's Gmail. Attackers could search through emails, archive messages, read correspondence, receive notifications, mark emails as spam, delete emails, update the inbox, forward emails, modify browser notifications, permanently delete emails from the trash, and send messages.

FriarFox is a heavily modified version of the open source Gmail Notifier extension, which gives attackers access to user data for all sites and allows them to view and change privacy settings, display notifications, and access tabs that are open in the browser.
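
For defenders, the permission set described above can be used as a triage signal when reviewing installed Firefox add-ons. The following is an added example, not part of the original post or of Proofpoint's report: it reads `manifest.json` from `.xpi` packages and reports which of those permissions each add-on requests. The mapping from the article's wording to WebExtension permission names is this example's assumption, and the sample packages are constructed.

```python
import io, json, sys, zipfile
from pathlib import Path

# Permissions the article attributes to FriarFox, mapped to WebExtension
# manifest permission names (the mapping is this example's assumption).
WATCHED = {
    "<all_urls>": "access data for all sites",
    "privacy": "view and change privacy settings",
    "notifications": "display notifications",
    "tabs": "access open tabs",
}
# Host match patterns that grant access to every site.
ALL_SITES = {"<all_urls>", "*://*/*"}

def watched_permissions(manifest: dict) -> set:
    """Return the WATCHED keys requested by a WebExtension manifest."""
    requested = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    found = {p for p in requested if p in WATCHED}
    if requested & ALL_SITES:
        found.add("<all_urls>")
    return found

def audit_xpi(xpi) -> dict:
    """Read manifest.json from an .xpi (zip) path or file object and audit it."""
    with zipfile.ZipFile(xpi) as z:
        manifest = json.loads(z.read("manifest.json").decode("utf-8-sig"))
    found = watched_permissions(manifest)
    return {"name": manifest.get("name", "?"),
            "found": sorted(found),
            "full_match": found == set(WATCHED)}

def make_sample_xpi(name, permissions):
    """Build a constructed in-memory .xpi for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(
            {"manifest_version": 2, "name": name, "version": "1.0",
             "permissions": permissions}))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Usage: python audit_xpi.py <firefox-profile>/extensions/*.xpi
    for path in sys.argv[1:]:
        print(path, audit_xpi(Path(path)))
```

A full match only marks an add-on for manual review, since legitimate extensions can request the same combination; check where the add-on came from and whether the user installed it knowingly.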
 