Users who set the language in their browser to Chinese and who visited popular Chinese websites in the past few months were at risk of being spied upon. An IT security expert with the pseudonym Imp0rtp3 has found a framework for large-scale web attacks called “Tetris”, which exploits security gaps on 58 popular portals. Of these, 57 are in Chinese. The only English-language site affected is the New York Times website.
According to the researcher’s analysis, attackers could also abuse legitimate browser functions with the tool to collect keystrokes from the user, a variety of operating system details, location data, and even a recording of the target person’s face via an installed webcam. However, exploits aimed at vulnerabilities in third-party web portals were more specific: they also usually triggered a notification request through the browser.
Security with NoScript
Imp0rtp3 came across the spy tool on two news blogs with a Chinese readership. One site, which is still updated regularly, was directed at activities against Taiwan and Hong Kong by the Chinese government. On the second portal, written in Swedish, the general atrocities of the communist regime were discussed up to 2016. Readers were initially “welcomed” by the first of the two Tetris components, Jetriz. This component collects and reads basic information about the visitor’s browser.
In the case of a presumed Chinese user, the second component, “Swid”, loaded 15 different plugins as JavaScript files into the victim’s browser to perform various tasks. Eight of them used what is known as JSON hijacking to open connections to popular websites and retrieve public data about the user there. Passwords or authentication cookies did not fall into the hands of the attackers. But they could collect information like usernames, phone numbers or real names. As a safeguard, Imp0rtp3 recommends browser extensions such as NoScript or surfing in private browser mode.
(Axe)
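A site that serves per-user data as JSON can refuse the cross-site script loads that the JSON hijacking described above depends on. The following is an added example, not code from Imp0rtp3's analysis or from any affected portal; the trusted origin, the `callback`/`jsonp` parameter names and the request objects are assumptions made for illustration.

```javascript
// Added example. The Sec-Fetch-* headers are real Fetch Metadata request
// headers; TRUSTED_ORIGINS, the "callback"/"jsonp" parameter names and the
// request objects passed in are constructed for illustration.
const TRUSTED_ORIGINS = new Set(["https://portal.example"]);

const deny = (reason) => ({ allow: false, status: 403, reason });

function originOf(url) {
  try { return new URL(url).origin; } catch { return undefined; }
}

// Decide whether an endpoint returning per-user JSON may answer this request.
function decideUserJsonResponse(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;
  const query = req.query || {};

  // JSONP hands the data to whichever page supplied the callback name.
  if ("callback" in query || "jsonp" in query) return deny("jsonp-callback");

  // A <script src=...> load announces itself; fetch()/XHR sends "empty".
  if (h["sec-fetch-dest"] === "script") return deny("script-load");

  const site = h["sec-fetch-site"];
  if (site === "cross-site" && !TRUSTED_ORIGINS.has(h["origin"])) {
    return deny("cross-site");
  }
  if (site === undefined) {
    // Older browser without Fetch Metadata: fall back to Origin / Referer.
    const src = h["origin"] || originOf(h["referer"]);
    if (src && !TRUSTED_ORIGINS.has(src)) return deny("foreign-origin");
    // No provenance at all: require a header a <script> tag cannot set.
    if (!src && h["x-requested-with"] !== "XMLHttpRequest") {
      return deny("no-origin-proof");
    }
  }
  return {
    allow: true,
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-store",
    },
  };
}
```

The guard only decides; the endpoint still has to authenticate the user and send the returned headers with an allowed response.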