turla
Latest
Russian hackers modify Chrome and Firefox to track secure web traffic
Many hackers won't touch web browsers beyond exploiting their vulnerabilities, but one group is taking things one step further. Kaspersky has detailed attempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation used when negotiating TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.
Russian malware link hid in a comment on Britney Spears' Instagram
Instagram is on its way to hitting a billion users this year and with that kind of popularity comes a lot of traffic. But lurking among all of the many, many harmless comments that get posted each day, there's also the occasional post instructing Russian malware how to get in touch with its controllers. Because of course there is.