A Russian hacker group named Turla has modified Google Chrome and Firefox installers to spy on web traffic. The method tracks all actions performed over TLS, the web security protocol used by both of these browsers. Kaspersky, a cybersecurity company, has discovered and detailed this group’s approach and motives.
Security is the foremost consideration for people choosing any browser or software, which is why Google encourages all web developers to use HTTPS and TLS encryption to secure website and user data. Most hackers don’t go past exposing browsers’ vulnerabilities, but this group decided to go one step further and record the site data.
The malware, which Kaspersky calls Reductor, takes a very sophisticated approach. It infects the system with a remote trojan. This allows the attackers to patch installers for Google Chrome and Mozilla Firefox so that the browsers include their special fingerprinting function. The patching might be done on the fly as the installer is being downloaded. The fingerprinting function then downloads the attackers’ own certificates, which intercept every TLS connection, allowing the hackers to passively track data.
The astonishing thing is that the infected browser keeps sending data to the hackers even after the trojan is removed from the system. The only way to get rid of the tracking system is to delete the installer and download it again.
As for their intentions, the hacker group is known to work under the Russian government’s protection. They have targeted several internet service providers located in Europe in the past. The initial targets of Reductor have been identified as being in Russia and Belarus, so the group might be doing this for political reasons, to spy on its targets.