Russian hackers modify Chrome and Firefox to track secure web traffic
Have you heard that Russian hackers are infecting systems with RATs and using them to modify Chrome and Firefox browsers, adding a fingerprint to every TLS action and passively track encrypted traffic? Learn more in an interesting Engadget article:
Many hackers won't touch web browsers beyondexploiting their vulnerabilities, but one group is taking things one step further. Kaspersky hasdetailedattempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation that negotiates TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.
The link for this article located at Engadget is no longer available.