Noting a trend where malware writers have shifted away from using C and C++ toward Go. Cybercriminals and APTs both find Go easy to work with, and it’s good for evasion because it’s hard to detect. Moreover, with the massive migration to all things cloud, many cloud-native applications are written in Go. This is the way.
Malicious Firefox Extensions Used to Hijack Gmail Accounts per Bleeping Computer
China-based APT group TA413 targeted Tibetan organizations in a cyber espionage campaign that hijacked Gmail accounts to infect them with Scanbox malware to harvest data and log keystrokes. TA413 used phishing emails to redirect victims to a malicious Adobe Flash Player update site (wait, isn’t that always a bad thing?), and victims would get tricked into loading the FriarFox browser extension to let attackers gain control.
Malicious browser extensions are more prevalent than we realize, and are being leveraged by state-sponsored attackers to gain control over dissidents. Think beyond that to how it can be leveraged against us. Good report by Proofpoint here.