Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis.
The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as TA413, which has been previously attributed to attacks against the Tibetan diaspora by leveraging COVID-themed lures to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance.
New Silver Sparrow Malware Infected Nearly 30,000 Apple Macs
Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors.
However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development.
Calling the malware Silver Sparrow, cybersecurity firm Red Canary said it identified two different versions of the malware: one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 (version 1), and a second variant submitted to the database on January 22 that's compatible with both Intel x86_64 and M1 ARM64 architectures (version 2).