The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Browser Extention

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021Ravie Lakshmanan
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis. The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as  TA413 , which has been previously attributed to attacks against the Tibetan diaspora by leveraging  COVID-themed lures  to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance. The researchers said the attacks were detected in January and February 2021, a pattern that has continued since March 2020. The infection chain begins with a phishing email impersonating the "Tib
WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

February 06, 2021Ravie Lakshmanan
Google on Thursday removed The Great Suspender , a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware,"  read  a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to execute arbitrary code from a remote server, including tracking users online and committing advertising fraud. "The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more," Calum McConnell  said  in a GitHub post. The extension, which had more than two million installs before it was disabled, would suspend tabs that aren't in use, replacing them with a blank gray screen until they were reloaded upon returning to the tabs in question. Signs of the
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.