+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A dodgy ad lets hackers steal files from Firefox users' computers - and no one knows how many websites have been affected

Aug 7, 2015, 20:08 IST

Mozilla has released a fix for the flaw being targeted by hackers.Reuters Pictures

Hackers have figured out a way to upload a malicious ad to websites that steals files stored on Firefox users' computers when the ad is clicked. The files are then uploaded to a server that security experts believe is in Ukraine.

Advertisement

The campaign was uncovered by Mozilla security lead Daniel Veditz in a blog post.

"A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine," the blog post read.

Veditz said the extent and purpose of the attack remains unknown as it uses advanced evasion techniques, though it is likely other services are hosting the dangerous ad.

"The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don't know where else the malicious ad might have been deployed," noted Veditz.

Advertisement

While the number of websites affected remains unknown, its potential for harm is high. Firefox is listed by analytics firm StatCounter as the third-most used web browser in the world. StatCounter currently lists Firefox as controlling 16% of the browser market.

Veditz said the nature of the exploit means Firefox users that fall victim to the campaign will have no clue their data has been stolen and should preemptively change their passwords.

"The exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords," he said.

The fix for the vulnerability is available now and Firefox users are recommended to update their browser as soon as possible.

The Firefox attack is one of many recently uncovered espionage campaigns. Researchers at FireEye uncovered a surveillance operation targeting iPhone users earlier this week. The campaign let hackers install dodgy data harvesting apps on non-jailbroken iPhones without the user's consent.

Advertisement

NOW WATCH: The 'Tesla of scooters' is finally available and it looks incredible

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article