Russian hackers modify Chrome and Firefox to track secure web traffic
1 min read
Oct 07, 2019
Have you heard that Russian hackers are infecting systems with RATs and using them to modify Chrome and Firefox browsers, adding a fingerprint to every TLS action and passively track encrypted traffic? Learn more in an interesting Engadget article:
Many hackers won't touch web browsers beyondexploiting their vulnerabilities, but one group is taking things one step further. Kaspersky hasdetailedattempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation that negotiates TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.
The link for this article located at Engadget is no longer available.
Related Articles
1 - 0 min read
Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!
1 - 0 min read
OpenJDK DoS, Info Disclosure Vulns Fixed
