Security News > 2021 > February > Malicious Mozilla Firefox Extension Allows Gmail Takeover

Malicious Mozilla Firefox Extension Allows Gmail Takeover
2021-02-25 17:04

A newly uncovered cyberattack is taking control of victims' Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox.

FriarFox gives cybercriminals various types of access to users' Gmail accounts and Firefox browser data.

"Threat actors appear to be targeting users that are utilizing a Firefox Browser and are utilizing Gmail in that browser," the researchers said.

"The user must access the URL from a Firefox browser to receive the browser extension. Additionally, it appeared that the user must be actively logged in to a Gmail account with that browser to successfully install the malicious XPI [FriarFox] file."

The malicious extension also comes in the form of an XPI file, noted researchers - these files are compressed installation archives used by various Mozilla applications, and contain the contents of a Firefox browser extension.

"TA413 threat actors altered several sections of the open-source browser extension Gmail Notifier to enhance its malicious functionality, conceal browser alerts to victims and disguise the extension as an Adobe Flash-related tool," said researchers.


News URL

https://threatpost.com/malicious-mozilla-firefox-gmail/164263/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 631 583 266 1493