In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers. From a report: This is the first time an APT (Advanced Persistent Threat — an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension, albeit it’s not the first time one has used a browser extension, as the Russian-linked Turla APT previously used a Firefox add-on in 2015. According to a report that’s going to be published later today by the ASERT team at Netscout reveals the details of a spear-phishing campaign that’s been pushing a malicious Chrome extension since at least May 2018.
Hackers used spear-phishing emails to lure victims on websites copied from legitimate academic organizations. These phishing sites, now down, showed a benign PDF document but prevented users from viewing it, redirecting victims to the official Chrome Web Store page to install a (now removed) Chrome extension named Auto Font Manager.
Powered by WPeMatico