
Latest news with #SocketThreatResearchTeam

Firefox Users Warned As Credential Theft Hackers Target Browser

Forbes

08-07-2025


Malicious Firefox extensions can steal your passwords.

When someone says your browser security is at risk, or that credential-stealing hackers are targeting your browser, the chances are that your mind will turn to Google Chrome. Not because it is an insecure application, far from it, but rather it's the world's most popular web browser by some margin, so naturally it is the target of most attacks. Cybercriminal hackers, however, like to spread the malicious hate, and users of the privacy-focused Mozilla Firefox cannot escape their attention. A new report has uncovered a total of eight malicious Firefox extensions that could steal authentication tokens and even spy on users. Here's what you need to know.

Dangerous Firefox Extensions Uncovered By Socket Threat Research Team

Whatever web browser you use, the universal truth is that someone will be out to get you. When it comes to cybercriminals, a preferred attack route is via a malicious extension or add-on. Which is why all browser vendors, including Mozilla, provide background protections and public support to minimize the risk as much as is humanly and technologically possible. Yet, as the July 4 Socket Threat Research Team report confirmed, attackers continue to target Firefox users.

'While our investigation focuses on Firefox extensions,' Kush Pandya, a security engineer and researcher, and part of the Socket Threat Research Team, said, 'these threats span the entire browser ecosystem.' However, the specific Firefox investigation in question disclosed a total of eight extensions that were capable of causing harm, including: redirection to scam sites, user session hijacking to earn commissions on shopping sites, spying using invisible iframe tracking methodology, and, perhaps most seriously of all, authentication theft.

Mitigating The Firefox Extensions Attack Risk

I would advise you to read the full report for all the technical information and details of the extensions themselves. Meanwhile, however, I have been in communication with Mozilla. I can confirm that it is both aware of the threats in question and has taken positive action to protect Firefox users. I was assured that the Firefox add-ons team had reviewed the extensions mentioned in the report, which obviously went against Mozilla's add-on policies. The team found they had affected what it called a very small number of users and that appropriate action, including taking down some of the extensions, had been taken.

'We help users customize their browsing experience by featuring a variety of add-ons, manually reviewed by our Firefox Add-ons team, on our Recommended Extensions page,' a Firefox spokesperson said. To keep users safe, the spokesperson continued, 'we disable extensions that compromise their safety or privacy, or violate our policies, and continuously work to improve our malicious add-on detection tools and processes.'

Mozilla further recommended that Firefox users take additional steps, bearing in mind that such add-ons are usually developed by third parties, to protect themselves from threat actors. These include checking extension reviews and ratings, and keeping your eyes open for any that require excessive permissions that are not consistent with what the extension claims to do. 'If an extension seems like it might be malicious,' the spokesperson said, 'users should report it for review.'

Data-Stealing Gmail Tunnel Created By Hackers — What You Need To Know

Forbes

03-05-2025


Beware this Python threat that creates a Gmail tunnel.

Love it or loathe it, you can't ignore Google's highly popular free email platform, Gmail. With reports of sophisticated threats against users and seven-day account recovery warnings following password compromises, this is one email service that's never far from the news headlines. While many of these involve direct attacks against Gmail accounts, some are a little more, shall we say, complex in terms of the threat they pose. Such is the case with the latest report from security researchers who have uncovered Coffin-Code attackers using malicious Python packages designed to create a data-exfiltrating tunnel by way of Gmail. Here's what you need to know.

Let's start at the beginning and make it clear that the Simple Mail Transfer Protocol at the heart of this attack mechanism is not used by Gmail alone. SMTP is the de facto communication protocol used to send and receive email across the internet. It is, however, a highly trusted protocol just as Gmail is a highly trusted email provider. Trust plus trust, in this case, equals danger.

What the Socket Threat Research Team discovered, as reported by Olivia Brown, a threat analyst at Socket, is that attackers have created a bunch of malicious Python packages that use Gmail's SMTP protocol to create a tunnel that can exfiltrate data and execute attack commands. Read the full report if you want all the technical details.

Although all seven malicious packages have now been removed from the Python Package Index, the attack methodology is worth taking note of. 'Watch for unusual outbound connections, especially SMTP traffic, since attackers can use legitimate services like Gmail to steal sensitive data,' Brown warned.

I have reached out to Gmail for a statement.
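
The advice above to watch for unusual outbound SMTP traffic can be applied as a host-level check on which processes open mail connections. The following Python is an added example, not code from the Socket report or from Forbes; the log format, the list of expected mail senders and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTP over TLS, mail submission
# Assumption: the only processes on this host expected to send mail.
EXPECTED_MAILERS = {"thunderbird", "postfix"}

# Constructed sample records (not real telemetry):
# time, process, pid, destination host, destination port
SAMPLE_LOG = """\
2025-05-03T10:00:01Z,thunderbird,2210,smtp.gmail.com,587
2025-05-03T10:02:14Z,python3,4821,smtp.gmail.com,465
2025-05-03T10:02:44Z,python3,4821,smtp.gmail.com,465
2025-05-03T10:03:09Z,curl,5120,example.org,443
2025-05-03T10:05:30Z,node,6002,mail.example.net,25
"""

def find_unexpected_smtp(log_text, expected=EXPECTED_MAILERS):
    """Return {(process, pid): [(time, host, port), ...]} for SMTP
    connections made by processes not on the expected-mailer list."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than crash
        ts, proc, pid, host, port = (field.strip() for field in row)
        if not (pid.isdigit() and port.isdigit()):
            continue
        if int(port) in SMTP_PORTS and proc.lower() not in expected:
            hits[(proc, int(pid))].append((ts, host, int(port)))
    return dict(hits)

def report(hits):
    """Format one alert line per offending process, busiest first."""
    lines = []
    ranked = sorted(hits.items(), key=lambda kv: -len(kv[1]))
    for (proc, pid), conns in ranked:
        hosts = ", ".join(sorted({host for _, host, _ in conns}))
        lines.append(f"{proc}[{pid}]: {len(conns)} SMTP connection(s) to {hosts}")
    return lines

if __name__ == "__main__":
    for line in report(find_unexpected_smtp(SAMPLE_LOG)):
        print(line)
```

A script interpreter such as `python3` talking to a mail provider on a developer workstation or build server is the pattern worth a closer look, since the traffic itself is encrypted and goes to a trusted destination.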
