A cyber-espionage group known as Turla — believed to be the cyber-arm of Russian intelligence — has been playing around with a backdoor trojan disguised as a Firefox extension that uses comments on Britney Spears' Instagram photos to store the location of its command and control (C&C) server.
Discovered in a recent distribution campaign by ESET researchers, this Firefox extension is part of a larger arsenal of hacking tools used by the Turla APT.
The group's primary mode of operation is via compromised sites that load malicious code that forcibly downloads and executes malicious files on the user's computer. This type of attack is known as a drive-by download and is used by exploit kits, malvertising campaigns, and cyber-espionage units.
Firefox extension distributed via hacked Swiss site
The Firefox extension is not installed by force, but researchers have seen it on the compromised site of a Swiss security company.
Visitors of this site were asked to install the extension, called HTML5 Encoding. ESET says this is a simple JavaScript-based backdoor that reports the user's activity back to its operators.
....