Close Menu
    Facebook X (Twitter) Instagram
    ESP Blockchain Journal
    • Noticias
      • Noticias Blockchain
      • Noticias Bitcoin
      • Noticias Ethereum
      • Noticias Ripple
      • NFT
      • Metaverso
      • DeFi
      • Noticias Tron
      • Noticias Litecoin
      • Noticias Monero
      • Noticias Cardano
      • Noticias Stellar
      • Noticias Algorand
      • Noticias Dogecoin
      • Noticias Polkadot
      • Noticias Kusama
      • Noticias Solana
      • Opinión
    • Análisis de Precios
    • Academia Cripto
    • Contacto
    • bandera
    ESP Blockchain Journal
    Home»Noticias»Scammers attack: Mozilla has a critical vulnerability, and Android applications steal data

    Scammers attack: Mozilla has a critical vulnerability, and Android applications steal data

    0
    By BlockchainJournal on junio 19, 2019 Noticias
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Coinbase Security and Google security researcher Samuel Gross discovered a vulnerability in Mozilla Firefox browser that could manipulate Javascript objects. It has already been used to attack users of cryptocurrency. This is reported on Medium .

    The zero-day vulnerability received a CVE-2019-11707 identifier, and in Firefox, the bug was assigned a critical or highest threat level.

    "Critical vulnerability – it can be used to launch an attacker's code and install software that does not require user interaction, except for normal viewing."

    In fact, the attackers could force users to go to malicious sites and thus be able to execute arbitrary code on the devices of their victims. The scammers who used the bug could install programs, view, change or delete data, as well as create new accounts.

    Users are urged to upgrade as soon as possible to the new version of Firefox 67.0.3 and Firefox ESR 60.7.1, in which the vulnerability is fixed.

    Context: https://t.co/EQX4Ev42tx

    – Samuel Groß (@ 5aelo) June 19, 2019

    In addition, malicious applications for the Android OS were found. They could steal one-time two-factor authentication passwords using a notification system.

    2FA & OTP codes.
    It intercepts SMS notifications.
    Discovered fake cryptocurrency exchanges with such functionality on the Play Store. https://t.co/t5Vtm3DrJW

    – Lukas Stefanko (@LukasStefanko) June 17, 2019

    ESET researcher Lukash Stefanko has identified a number of applications (BTCTurk Pro Beta and BtcTurk Pro Beta), posing as the Turkish cryptocurrency exchange BtcTurk. They could steal account data and use it in services protected by two-factor authentication.

    Note that at the beginning of the year, Google imposed restrictions on applications by banning them from accessing SMS messages and call logs without serious justification. However, the attackers were able to circumvent these limitations: applications request permission to check and manage notifications.

    Once it was received, users were asked to enter their credentials from various cryptocurrency services in fake forms. The collected information was transferred to the attackers server, and they got access to notifications from other applications. It is noteworthy that fraudsters could also turn off the sound, notifying of incoming notifications, so that the victims did not even know about unauthorized intervention.

    Thus, the researcher discovered filters that distinguish a kind of target applications, whose names contain the keywords gm, yandex, mail, k9, outlook, sms and messaging.

    Recall, recently, analysts at ESET found a fake Trezor Mobile Wallet app in the Google Play store, disguised as a popular wallet and stealing users' cryptocurrency.

    Subscribe to BlockchainJournal news on Facebook !

    << aside id = "unisender_subscribe_form-10" class = "widget unisender_form">

    BlockchainJournal.news

    BlockchainJournal.news

    Android CoinBase Facebook Featured Google Store Trezor
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    BlockchainJournal

    Related Posts

    Hyperliquid pide propuestas para lanzar USDH en medio de objeciones por equidad en la gobernanza

    septiembre 5, 2025

    SharpLink explorará el staking de parte de su tesorería en Ethereum en la red Linea

    septiembre 5, 2025

    Strategy Inc. enfrenta obstáculos para entrar al S&P 500 por su volatilidad y dependencia de Bitcoin

    septiembre 5, 2025

    Coinbase acelera hacia mayoría de código generado por IA en medio de una tendencia global

    septiembre 4, 2025

    World Liberty Financial bloquea la wallet de Justin Sun en medio de la polémica por WLFI

    septiembre 4, 2025

    SEC apuesta por una agenda pro-cripto con una serie de rulemakings sobre activos digitales

    septiembre 4, 2025
    Buscar
    Facebook X (Twitter) Instagram Pinterest
    © 2025 Blockchainjournal

    Type above and press Enter to search. Press Esc to cancel.

    Utilizamos cookies para asegurar que damos la mejor experiencia al usuario en nuestra web. Si sigues utilizando este sitio asumiremos que estás de acuerdo.