Firefox 0-day abused to steal cryptocurrency from Mac users

Posted on Friday, June 21 2019 @ 10:16 CEST by Thomas De Maesschalck

Some more details emerged about the 0-day vulnerability in Firefox that got plugged yesterday. ARS Technica writes cybercriminals exploited the hole to try to steal cryptocurrency from Coinbase employees. Coinbase managed to thwart the attack but claims they're not the only crypto organisation that got targeted in this campaign. Interestingly, the ARS article indicates the attacks focused on the Mac platform, there's no evidence at this point that this attack was carried out against Windows users too.

On Thursday, macOS security expert Patrick Wardle published an analysis of Mac malware that came from someone who claimed it infected his fully up-to-date Mac through a zero-day vulnerability in Firefox. The person claimed to have been "involved with a cryptocurrency exchange until fairly recently." The hash of the malware matched one of the hashes provided by Martin.

1/ A little more context on the Firefox 0-day reports. On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.
— Philip Martin (@SecurityGuyPhil) 19 juni 2019

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!