A dodgy ad lets hackers steal files from Firefox users' computers - and no one knows how many websites have been affected
Reuters Pictures
The campaign was uncovered by Mozilla security lead Daniel Veditz in a blog post.
"A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine," the blog post read.
Veditz said the extent and purpose of the attack remains unknown as it uses advanced evasion techniques, though it is likely other services are hosting the dangerous ad.
"The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don't know where else the malicious ad might have been deployed," noted Veditz.
While the number of websites affected remains unknown, its potential for harm is high. Firefox is listed by analytics firm StatCounter as the third-most used web browser in the world. StatCounter currently lists Firefox as controlling 16% of the browser market.
Veditz said the nature of the exploit means Firefox users that fall victim to the campaign will have no clue their data has been stolen and should preemptively change their passwords.
"The exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords," he said.
The fix for the vulnerability is available now and Firefox users are recommended to update their browser as soon as possible.
The Firefox attack is one of many recently uncovered espionage campaigns. Researchers at FireEye uncovered a surveillance operation targeting iPhone users earlier this week. The campaign let hackers install dodgy data harvesting apps on non-jailbroken iPhones without the user's consent.
- I got a $40K raise using this 30-second strategy. It made me realize loud work, not hard work, always wins.
- Qatar Airways' new CEO explains why it's sticking with the Airbus A380 as other airlines retire the costly superjumbo
- Prince Harry and Meghan found out about Kate Middleton's cancer diagnosis on TV like everyone else, report says
- BenQ Zowie EC2-CW review – Premium wireless mouse for gamers
- Banks' GNPAs set to improve further to 2.1 pc by FY25: Care Ratings
- FPIs make remarkable comeback, infuse ₹2 lakh cr in FY24
- PM Modi and Bill Gates discuss AI, climate change, millets and more
- Consuming excessive salt and inadequate potassium, protein is making North Indians prone to life-threatening diseases: Study