- #GMAIL HACKER BROWSER EXTENSION INSTALL#
- #GMAIL HACKER BROWSER EXTENSION UPDATE#
- #GMAIL HACKER BROWSER EXTENSION ARCHIVE#
- #GMAIL HACKER BROWSER EXTENSION FREE#
The result is that this group finds mileage from previously disclosed tools like Scanbox and Royal Road by varying the method of their introduction to the victim environment. TA413 combines modified open-source tools, dated shared reconnaissance frameworks, a variety of delivery vectors, and very targeted social engineering tactics. TA413 appears to be modulating their tools and techniques while continuing to rely on proven social engineering techniques. The tool is capable of tracking visitors to specific websites, performing keylogging, and collecting user data that can be leveraged in future intrusion attempts.
Scanbox has been used in numerous campaigns to target the Tibetan Diaspora along with other ethnic minorities often targeted by groups aligned with the Chinese state interests. Scanbox is primarily used by Chinese APT’s and shared across multiple groups. Its usage of PHP and JS enables a file-less malware approach when targeting victims’ hosts. Scanbox is a PHP and JavaScript-based reconnaissance framework that dates to 2014. This conceals FriarFox’s existence and threat actors’ usage from the affected victims. All audio and visual browser alerts are set not to alert active users after the time of installation.
#GMAIL HACKER BROWSER EXTENSION UPDATE#
In recent campaigns identified in February 2021, browser extension delivery domains have prompted users to “Switch to the Firefox Browser” when accessing malicious domains using the Google Chrome Browser. FriarFox has been the only browser instance identified targeting FireFox browsers as an XPI file. It allows users to receive notifications and perform certain Gmail actions on up to five Gmail accounts that are actively logged in simultaneously.
#GMAIL HACKER BROWSER EXTENSION FREE#
This is a free tool available on Github, the Mozilla Firefox Browser ADD-ONS store, and the QQ App store among other locations.
It is largely based on an open-source tool named “Gmail Notifier (restartless)”.
#GMAIL HACKER BROWSER EXTENSION ARCHIVE#
Gmail Access: Search emails, Archive emails, Receive Gmail notifications, Read emails, Alter FireFox browser audio and visual alert features for the FriarFox extension, Label emails, Marks emails as spam, Delete messages, Refresh inbox, Forward emails, Perform function searches, Delete messages from Gmail trash, Send mail from the compromised account.įireFox Browser Access – (Based on Granted browser permissions): Access user data for all websites, Display notifications, Read and modify privacy settings, Access browser tabs.
#GMAIL HACKER BROWSER EXTENSION INSTALL#
The user must access the URL from a FireFox browser to receive the browser extension.Īdditionally, it appeared that the user must be actively logged in to a Gmail account with that browser to successfully install the malicious XPI file.Īfter the installation of the FriarFox browser extension, threat actors gain the following access to the user’s Gmail account and FireFox browser data included below. Threat actors appear to be targeting users that are utilizing a Firefox Browser and are utilizing Gmail in that browser. In this case, the domain is controlled by the threat actors, and the redirection is obtained via a malicious URL contained within a phishing email. The use of landing pages for JS redirection is a technique commonly used in watering hole attacks.
0 kommentar(er)
