Malicious Mozilla Firefox Extension Allows Gmail Takeover

2021-02-25 17:04

A newly uncovered cyberattack is taking control of victims' Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox.

FriarFox gives cybercriminals various types of access to users' Gmail accounts and Firefox browser data.

"Threat actors appear to be targeting users that are utilizing a Firefox Browser and are utilizing Gmail in that browser," the researchers said.

"The user must access the URL from a Firefox browser to receive the browser extension. Additionally, it appeared that the user must be actively logged in to a Gmail account with that browser to successfully install the malicious XPI [FriarFox] file."

The malicious extension also comes in the form of an XPI file, noted researchers - these files are compressed installation archives used by various Mozilla applications, and contain the contents of a Firefox browser extension.

"TA413 threat actors altered several sections of the open-source browser extension Gmail Notifier to enhance its malicious functionality, conceal browser alerts to victims and disguise the extension as an Adobe Flash-related tool," said researchers.

News URL

https://threatpost.com/malicious-mozilla-firefox-gmail/164263/

#firefox #gmail #mozilla #takeover

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Mozilla		29	13	629	582	266	1490

News URL

Related news

Related vendor