Reports allege that a Chinese hacker group supported by the Chinese Communist Party has been spying on Tibetan activists by deploying a malicious Firefox extension.
According to investigations conducted by cybersecurity vendors, a low-level phishing campaign against the Tibetan diaspora has been observed since March 2020. In the current year, however, the phishing campaigns escalated to more sophisticated malware attacks that use a dedicated malicious extension called “FriarFox”.
The deployment of FriarFox is allegedly linked to the Chinese hacker group TA413. While this may not be the first time TA413 has delivered malware, it is certainly one that has been so widely distributed. Other malware the group has allegedly distributed includes Scanbox as well as the Sepulcher malware in early 2021.
The Sepulcher malware had previously been reported as linked to the Lucky Cat and Exile Rat malware campaigns as well, both of which were cyber-attacks targeting Tibetan organizations.
TA413 is itself allegedly an APT group backed by the Chinese government.
How the malware works:
The scanning scripts then determine whether to deploy the ‘FriarFox’ payload, which allegedly gives the bad actors unauthorized access to the victim’s Gmail accounts.
The malware appears to be configured to read, erase, send, mark as spam, archive, and search for email, as well as to access browser windows through the Firefox extension, alter privacy settings, and access user data for all websites.
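For defenders, the browser-level capabilities listed above can be checked against what an installed extension actually requests. The following is an added example, not code from the article or from any vendor report: it reads `manifest.json` from a Firefox `.xpi` package and flags the combination of tab access, privacy-settings access and all-sites access. The mapping from the article's wording to the WebExtension permission strings `tabs`, `privacy` and `<all_urls>` is an assumption, and both sample packages are constructed.

```python
import io
import json
import zipfile

# Assumed mapping from the capabilities described above to WebExtension
# manifest permission strings (the article does not list the strings).
RISKY = {
    "tabs": "access browser windows",
    "privacy": "alter privacy settings",
    "<all_urls>": "access user data for all websites",
    "*://*/*": "access user data for all websites",
}

def manifest_permissions(manifest):
    """Collect every permission string a manifest requests (MV2 and MV3 keys)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts that match every site also reach data on all websites.
    for cs in manifest.get("content_scripts", []):
        perms.update(m for m in cs.get("matches", []) if m in RISKY)
    return perms

def audit_xpi(xpi_bytes):
    """Return the sorted list of described capabilities an .xpi requests."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        manifest = json.loads(z.read("manifest.json"))
    return sorted({RISKY[p] for p in manifest_permissions(manifest) if p in RISKY})

def is_suspicious(xpi_bytes):
    """Flag only the full combination; each permission alone is common."""
    return len(audit_xpi(xpi_bytes)) == 3

def build_xpi(manifest):
    """Constructed sample: pack a manifest dict into an in-memory .xpi."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()

# Constructed samples, not taken from any real extension.
SAMPLE_BROAD = build_xpi({"manifest_version": 2, "name": "sample-broad", "version": "1.0",
    "permissions": ["tabs", "privacy", "<all_urls>", "notifications"]})
SAMPLE_NARROW = build_xpi({"manifest_version": 2, "name": "sample-narrow", "version": "1.0",
    "permissions": ["storage", "https://example.org/*"]})

if __name__ == "__main__":
    for name, xpi in (("sample-broad", SAMPLE_BROAD), ("sample-narrow", SAMPLE_NARROW)):
        print(name, audit_xpi(xpi), "FLAG" if is_suspicious(xpi) else "ok")
```

A flagged extension is a candidate for review, not a verdict: legitimate extensions also request broad permissions, so the result should be weighed against where the extension was installed from.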