A dodgy ad lets hackers steal files from Firefox users' computers - and no one knows how many websites have been affected
Reuters Pictures
The campaign was uncovered by Mozilla security lead Daniel Veditz in a blog post.
"A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine," the blog post read.
Veditz said the extent and purpose of the attack remains unknown as it uses advanced evasion techniques, though it is likely other services are hosting the dangerous ad.
"The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don't know where else the malicious ad might have been deployed," noted Veditz.
While the number of websites affected remains unknown, its potential for harm is high. Firefox is listed by analytics firm StatCounter as the third-most used web browser in the world. StatCounter currently lists Firefox as controlling 16% of the browser market.
Veditz said the nature of the exploit means Firefox users that fall victim to the campaign will have no clue their data has been stolen and should preemptively change their passwords.
"The exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords," he said.
The fix for the vulnerability is available now and Firefox users are recommended to update their browser as soon as possible.
The Firefox attack is one of many recently uncovered espionage campaigns. Researchers at FireEye uncovered a surveillance operation targeting iPhone users earlier this week. The campaign let hackers install dodgy data harvesting apps on non-jailbroken iPhones without the user's consent.
- I spent 2 weeks in India. A highlight was visiting a small mountain town so beautiful it didn't seem real.
- I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
- Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
- Stock markets stage strong rebound after 4 days of slump; Sensex rallies 599 pts
- Sustainable Transportation Alternatives
- 10 Foods you should avoid eating when in stress
- 8 Lesser-known places to visit near Nainital
- World Liver Day 2024: 10 Foods that are necessary for a healthy liver