Malicious Firefox extension allowed hackers to hijack Gmail accounts
Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware.
The Chinese state hackers also infected victims with the Scanbox malware reconnaissance framework, which allowed them to harvest their targets' data and log their keystrokes.
JavaScript profiling scripts executed from this domain would automatically prompt the targets to install a malicious add-on named FriarFox if they were using the Firefox web browser and were logged in to their Gmail account.
The attackers built the malicious FriarFox extension from the open-source Gmail Notifier Firefox add-on, changing its icon and metadata description to mimic a Flash update process.
They also added malicious JavaScript designed to hijack the victims' Gmail accounts and infect their systems with the Scanbox malware.
"The use of browser extensions to target the private Gmail accounts of users combined with the delivery of Scanbox malware demonstrates the malleability of TA413 when targeting dissident communities," Proofpoint concluded.