Engadget reports that Kaspersky specialists have found a new threat on the web. It is a trojan created by Russian hackers to infect the Google Chrome and Firefox web browsers. The Turla hacker group is said to be responsible for the dangerous software.
Many criminals focus exclusively on exploiting security vulnerabilities in browsers, but this team has gone one step further: it infects systems with a remote access trojan and uses it to modify the browsers, starting by installing its own certificates to intercept TLS traffic from the host. But that's not all. The hackers wrote their code in such a way that it is able to authenticate every TLS action, so that the criminals are able to track encrypted traffic.
Transport Layer Security (TLS)
It is a protocol that ensures the confidentiality and integrity of data transmission, as well as server authentication. It is based, among other things, on asymmetric encryption.
Unfortunately, we do not know the specific reasons for the group's actions. It is said that Turla operates under the protection of the Russian Government, because its first targets were located in Russia and Belarus. Interestingly, the Turla group has already done some pretty "hot" stuff in the past, compromising Eastern European Internet providers and infecting clean files during download.
How can a possible attack be avoided? First, unless you are from Russia or Belarus, you should be safe for now. Nevertheless, remember to always download software from a legitimate source, preferably directly from the developers. Watch out for fake websites, and, of course, a proven antivirus is also useful.
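A defensive check for the certificate installation described above, as an added example that is not part of the original article: it compares SHA-256 fingerprints of the root certificates in a current trust-store export against a known-good baseline. The function names and the sample PEM blocks (placeholder bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches the base64 body of each certificate in a PEM bundle.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fingerprints(pem_bundle: str) -> set:
    """Fingerprints of every certificate found in a PEM bundle."""
    fps = set()
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))  # drop line breaks
        fps.add(sha256_fp(der))
    return fps


def audit(baseline_pem: str, current_pem: str) -> dict:
    """Roots added to or removed from the store relative to the baseline."""
    base, cur = fingerprints(baseline_pem), fingerprints(current_pem)
    return {"added": sorted(cur - base), "removed": sorted(base - cur)}


def constructed_pem(payload: bytes) -> str:
    """Wrap placeholder bytes in PEM armor (sample data, not a real cert)."""
    b64 = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


# Constructed sample: a two-root baseline, then the same store with one
# extra root that nobody approved.
BASELINE = constructed_pem(b"constructed-root-A") + constructed_pem(b"constructed-root-B")
CURRENT = BASELINE + constructed_pem(b"constructed-unknown-root")

if __name__ == "__main__":
    for fp in audit(BASELINE, CURRENT)["added"]:
        print("root certificate not in baseline:", fp)
```

In practice the baseline would be a PEM export of the trust store taken from a clean image, and any fingerprint reported as added is a root to investigate before trusting TLS on that host.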
- Kaspersky Lab - official website