Welcome, Guest: Join Nairaland / LOGIN! / Trending / Recent / New
Stats: 2,444,213 members, 5,503,216 topics. Date: Wednesday, 01 April 2020 at 09:15 AM

Russian Hackers Modify Chrome And Firefox To Spy On Users - Computers - Nairaland

Nairaland Forum / Science/Technology / Computers / Russian Hackers Modify Chrome And Firefox To Spy On Users (184 Views)

Recover Mozilla Firefox To Default Settings Without Uninstalling / 10 Hidden Features In Google Chrome You Didn't Know About / Want To Spy On The Boss? Try This Phone-mast-in-an-hp Printer (2) (3) (4)

(1) (Reply)

Russian Hackers Modify Chrome And Firefox To Spy On Users by Raychux23(m): 5:13pm On Oct 07, 2019


A Russian hacker group has been spotted using a patch to modify Chrome and Firefox to spy on users. But how were they able to spy on websites having a secured HTTPs connection.

By the way, Google has long been pushing for more websites to use HTTPS. This also, they have considered and implemented as a ranking criteria on Google search result list on website ranking.

HTTPS purpose simply is to help prevent attackers from interfering with the data transferred between a website and your browser.

Nonetheless, the hackers did spy on HTTPS websites and had access seemingly secured information using Chrome and Firefox browsers.

The Cyber-espionage Hacker Group Responsible



The novel attack has been blamed on the hacker group “Turla” for its used detailed attempts was revealed by Kaspersky.

Turla with other given names such as Snake, Uroburos, Krypton, Venomous Bear, Waterbug, Group 88, and Turla Team. Is a well-known hacker group believed to operate under the protection of the Russian government. Moreover, the Estonian Intelligence Services with evidence, associated Turla with the Russian Federal Security Service (FSB) and Foreign Intelligence Service SVR.

Turla is associated with Agent.btz and believed to be behind several infamous cyber attacks. They were behind the RUAG espionage incident, an attempted compromise of the Swiss Defense Ministry. Also, the group has been known to hijack and use telecommunication satellites to deliver malware to remote areas.

Turla has also been involved in the social media cycle. Using a Turla’s watering hole campaign (an updated Firefox extension abusing Instagram). They were able to insert a malware on Instagram comments section. This was seen on a photo posted by Britney Spears on Instagram.
How the Russian Hackers were able to Modify Chrome and Firefox

According to the report done by Kaspersky, Turla uses a remote access trojan named Reductor for the attack. The process involves two steps.
Step 1: First, they install their own digital certificates to each infected host. After this is done, it would allow the hackers to intercept any TLS traffic originating from the host.
Step 2: Next, they modify the browser installation to patch their pseudo-random number generation (PRNG) functions.

These functions are used when generating random numbers needed for the process of establishing new TLS handshakes for HTTPS connections.

In other terms, the attack first infects the system with remote access Trojan and thereafter modifies the browsers using the same trojan. Then, it starts installing own certificates in order to intercept TLS traffic from the host. Finally, it patches the pseudo-random number generation that establish TLS connections.

After a successful operation, a fingerprint to every TLS action is added and can track encrypted traffic passively.

How to remove the trojan



Certainly, the Turla hackers are both sophisticated and smart and did anticipate a user approach to removing the malware. Probably, once a user discovered the trojan, the next point of action is to uninstall. Doing so will not get rid of the malware entirely.

The only way to actually remove the trojan completely would be to do a fresh install of the browser. Anyways, the intended targets are located in Russia and Belarus which maybe related to politics. Still, it could be use for other reasons and you need to be aware and brace up for impact.

Final words

Consequently, Turla has been one of today’s most sophisticated cyber hacker group, by a wide margin. Their skills and techniques are years ahead of their competition. This is not the first time Turla has alters a browser component to deploy malware on infected hosts and probably not the last.

Turla is sophisticated and enabling the Russian hackers to modify Chrome and Firefox with malware and their government backings. So, what really can you do to protect yourself? Always read security updates and tips from your Antivirus provider and security experts.

Always try to keep yourself safe and updated on the latest threats out there on the public domain.

Source: https://techablaze.com/blog/russian-hackers-modify-chrome-and-firefox-to-spy-on-users/

(1) (Reply)

Free OST To PST Converter / ... / Ebay Checkout At 320/$ . Delivery To Nigeria In 5-14 Working Days.

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2020 Oluwaseun Osewa. All rights reserved. See How To Advertise. 62
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.