Hackers are phishing Gmail credentials by using malicious Firefox extensions

FriarFox is the malicious extension that the hackers are putting to work.

China has been accused of spying on and phishing various minorities and rivals by backing hacker groups and organizations. The Chinese government has funded hacking groups and forums to spy on Tibetan activists and organizations by using malicious Firefox extensions.

TA413 is the group behind the attacks on Tibetan activists. The group was also involved in various COVID-19-themed attacks that distributed the Sepulcher malware.

According to a security research firm, the phishing attacks on Tibetans started around March 2020 and are still continuing. The threat actors are delivering a customized Firefox browser extension to hijack users’ Gmail accounts.

The phishing emails appear to be sent by the Bureau of His Holiness the Dalai Lama in India and the Tibetan Women’s Association. The emails contain fake Adobe update links that execute JavaScript on infected systems and deliver the FriarFox extension.

After execution, the malware can be used by hackers to locate, archive, read, delete, mark as spam, and forward emails. The malware can also modify privacy settings and access user data on other websites.
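Because the extension described above works through its access to Gmail and other sites, defenders can audit which installed extensions hold that access. The following is an added example, not code from this article or from the researchers it cites: it reads the `extensions.json` file of a Firefox profile and flags user-installed extensions whose granted host permissions cover Gmail and that were not installed from addons.mozilla.org. The trusted-source rule is an assumed policy, and the sample entries are constructed, not FriarFox indicators.

```python
import json
from urllib.parse import urlparse

GMAIL_HOST = "mail.google.com"
TRUSTED_SOURCE = "addons.mozilla.org"  # assumption: only AMO installs are expected

def covers_gmail(pattern):
    """True if a WebExtension match pattern can match https://mail.google.com/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    host = rest.split("/", 1)[0]
    if host.startswith("*."):  # "*.google.com" matches google.com and subdomains
        return GMAIL_HOST == host[2:] or GMAIL_HOST.endswith(host[1:])
    return host in ("*", GMAIL_HOST)

def audit(extensions_json_text):
    """Return profile-installed extensions that can reach Gmail and did not come from AMO."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        if addon.get("type") != "extension" or addon.get("location") != "app-profile":
            continue  # skip themes, dictionaries and built-in/system add-ons
        granted = (addon.get("userPermissions") or {}).get("origins", [])
        gmail_origins = [o for o in granted if covers_gmail(o)]
        source_host = urlparse(addon.get("sourceURI") or "").hostname
        if gmail_origins and source_host != TRUSTED_SOURCE:
            findings.append({"id": addon.get("id"), "source": addon.get("sourceURI"),
                             "origins": gmail_origins})
    return findings

# Constructed sample data (not real add-ons, not FriarFox indicators).
SAMPLE = json.dumps({"addons": [
    {"id": "blocker@example.invalid", "type": "extension", "location": "app-profile",
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/blocker.xpi",
     "userPermissions": {"permissions": ["tabs"], "origins": ["<all_urls>"]}},
    {"id": "updater@example.invalid", "type": "extension", "location": "app-profile",
     "sourceURI": "https://updates.example.invalid/update.xpi",
     "userPermissions": {"permissions": ["tabs"], "origins": ["*://*.google.com/*"]}},
    {"id": "notes@example.invalid", "type": "extension", "location": "app-profile",
     "sourceURI": None,
     "userPermissions": {"permissions": [], "origins": ["https://example.org/*"]}},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding is a prompt for review rather than proof of compromise, since legitimately sideloaded extensions are flagged as well.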

NPAV recommends that users and organizations keep their cybersecurity measures updated. Install NPAV on your devices to enjoy best-in-class protection from all kinds of cyberattacks.

Use NPAV and join us on a mission to secure the cyber world.
