Russian Hackers Allegedly Modifying Chrome and Firefox, Secretly Tracks Secure Web Traffic
A Russian hacker group has been purportedly using a new technique that involves patching installed browsers like Chrome and Firefox to modify their internal settings and components.
Reports say that the attack is aimed to alter the way Chrome and Firefox setup HTTPS connections via adding an individual fingerprint for the TLS-encrypted web traffic coming from the infected computers.
Many hackers are known to exploit vulnerabilities in operating systems and browsers; however, not many are known to be so brave as to touch web browsers directly.
Related Article: Hackers Target SWIFT Users Using Bangladesh Heist Methods
According to a report published by Kaspersky, the hackers are hijacking the browsers with a remote access Trojan named Reductor. First, they install their very own digital certificates to the infected hosts, granting access to intercept and TLS traffic coming from the host.
Afterward, they modify the browsers in order to patch their pseudo-random number generation (PRNG) functions. This is believed to be a method used to establish new TLS handshakes for HTTPS connections.
Simply put, the hackers are piggybacking on the security features of Chrome and Firefox browsers in order to assign a unique fingerprint that identifies users and computers. This is then used to monitor TLS traffic without a problem.
Due to the complexity of the operation, the blame is being put on Turla, a renowned hacker group that is allegedly operating under the protection of the Russian Government.
Kaspersky also pointed out that this is something the group is capable of doing. In addition, this isn't the first time the group has been involved in a controversial hacking incident as well.
Related Article: iPhone Owners Beware, Your Smartphones Can Be Hacked Using Wi-Fi
Back in January 2018, a report from the cyber-security firm ESET uncovered that Turla hacked and compromised about four ISPs in Eastern Europe and the former Soviet space. The reported attack was put in motion to download and add malware to various legitimate files.
Now, Kaspersky believes that the January incident is somewhat similar to the current dilemma, leading them to strongly believe that Turla is behind the attack.
It is yet unclear how, when, or why this attack had happened; however, there are theories on what the group's motives are.
One of the most apparent theories is that of a source from ZDNet which stated that Turla is doing this to passively observe HTTPS traffic across the web. The same theory was also mentioned by Kaspersky in their statement.
Another plausible explanation is that the hackers are utilizing the unique TLS fingerprint as a secondary surveillance mechanism. It serves as a fail-safe plan in case the victims found and removed the Reductor trojan.
Nonetheless, Kaspersky reported that whatever the motive is, it's not breaking a user's encrypted traffic. Now, the Russian group is yet to release a statement, confirming or denying these allegations.
Experts are giving the public a warning though since the presence of Reductor RAT on a device would allow hackers to fully access and control the device in real-time.
Related Article: The Most Dangerous State-Sponsored Hackers Groups In The World
MORE IN ITECHPOST
How Does Uber's New Hourly Function Work? Will a Rider Still Pay $50 For Shorter Trips? All FAQs Answered!
Uber now lets riders pay an hourly rate for a multi-stop trip. But where did it come from and why are they doing it? So many questions we'd like to ask!
Benefits of LED Grow Lights for Your Indoor Plants
There has been a surge in the number of growers cultivating indoor crops. Some turn to indoor farming in areas like cities, where there are almost no green spaces. Growing indoors takes advantage of otherwise wasted space and makes it possible for anyone to create an indoor garden.
Darkest Dungeon Is Celebrating Its New DLC With A Free Weekend: Here Are Some Tips To Help You Out!
Red Hook Studio's Darkest Dungeon has had a new DLC released on Steam and with it a free weekend. Grab the PvP game and try it out after reading these tips on how you can play the game the best you can.
[Spoiler Alert] Jurassic World 3: Will the Original Cast Be Back?
Jurassic World III is on its way and if you're wondering if you're expecting everything to be the same, you might be surprised. A source stated that the former cast of the Jurassic Park movie trilogy would be reprising their roles in Jurassic World: Dominion.