Malicious Firefox extension allows hackers to hijack Gmail account
A few days ago, a hacker group used malicious Firefox extensions and Scanbox malware to infect victims. The goal is to hijack the victim's Gmail account and Firefox browser in order to collect the target's data and record their keystrokes. According to a Proofpoint report, the attack started in January and continued throughout February.
The phishing email delivered by the attacker to the target's mailbox redirects the recipient to the you-tube[.]tv domain controlled by the attacker, which displays a fake Adobe Flash Player Update page.
If the potential victim is using a web browser other than Firefox, then they will be redirected to a legitimate YouTube login page.
Once the victim is tricked into installing the FriarFox extension, the hacker will be able to take over the user’s Gmail account and Firefox browser to perform the following malicious actions:
- Search emails
- Archive emails
- Receive Gmail notifications
- Read emails
- Alter Firefox browser audio and visual alert features for the FriarFox extension
- Label emails
- Mark emails as spam
- Delete messages
- Refresh inbox
- Forward emails
- Perform function searches
- Delete messages from Gmail trash
- Send mail from compromised account
Firefox browser access (based on granted browser permissions):
- Access user data for all websites.
- Display notifications
- Read and modify privacy settings
- Access browser tabs.
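The browser permissions listed above can be checked for on an endpoint. The following is an added example, not code from the article or the Proofpoint report: it audits the contents of a Firefox profile's `extensions.json` for add-ons that hold most of those four capabilities. The file layout (`addons`, `userPermissions.permissions`, `userPermissions.origins`), the mapping from the prompts to manifest permission names, the threshold and the sample entries are assumptions constructed for illustration.

```python
import json

# Permission prompts listed in the article, keyed by the WebExtension
# permission assumed to produce each one.
RISKY = {
    "<all_urls>": "Access user data for all websites",
    "notifications": "Display notifications",
    "privacy": "Read and modify privacy settings",
    "tabs": "Access browser tabs",
}
# Host patterns treated as equivalent to all-site access.
ALL_SITES = {"<all_urls>", "*://*/*"}

# Constructed sample in the assumed shape of a profile's extensions.json.
SAMPLE = json.dumps({"addons": [
    {"id": "updater@example.invalid", "type": "extension",
     "defaultLocale": {"name": "Sample Updater"},
     "userPermissions": {"permissions": ["tabs", "notifications", "privacy"],
                         "origins": ["<all_urls>"]}},
    {"id": "notes@example.invalid", "type": "extension",
     "defaultLocale": {"name": "Simple Notes"},
     "userPermissions": {"permissions": ["storage", "tabs"], "origins": []}},
    {"id": "theme@example.invalid", "type": "theme",
     "defaultLocale": {"name": "Dark"}, "userPermissions": None},
]})

def audit(extensions_json, threshold=3):
    """Return [(id, name, [matched prompts])] for extensions holding at
    least `threshold` of the four capabilities listed in the article."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries etc. carry no such permissions
        perms = addon.get("userPermissions") or {}  # may be null in the file
        granted = set(perms.get("permissions") or [])
        if ALL_SITES & set(perms.get("origins") or []):
            granted.add("<all_urls>")
        hits = sorted(RISKY[p] for p in granted if p in RISKY)
        if len(hits) >= threshold:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon.get("id"), name, hits))
    return findings

if __name__ == "__main__":
    for addon_id, name, hits in audit(SAMPLE):
        print(f"{addon_id} ({name}): " + "; ".join(hits))
```

To run it against a real profile, pass the text of that profile's `extensions.json` to `audit()` instead of `SAMPLE`; a match is a prompt for review, since legitimate extensions can also hold this combination.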