Russian hackers modify Chrome, Firefox to track internet traffic

Most hackers don't touch web browsers beyond exploiting their vulnerabilities, but one group is taking things a step further. Kaspersky has detailed attempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox.

The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation that negotiates TLS connections. That lets them add a fingerprint to each TLS action and passively track encrypted traffic.

Just why the intruders would need to do that isn't entirely clear. If you've infected a system with a remote access trojan, you don't need to patch the browser to spy on traffic. ZDNet suggested it would be a failsafe that lets intruders keep spying on the traffic of people who remove the trojan but are not cautious enough to reinstall their browsers.

The perpetrators seem to be easier to spot, which may reveal their motives. Turla is believed to operate under the protection of the Russian government, and initial targets were located in Russia and Belarus. The group is sophisticated enough to have compromised Eastern European internet providers in the past to infect otherwise clean downloads. This may be an attempt to eavesdrop on dissidents and other political targets using a technique that is tough to thwart.