The popular Firefox Send service has been a target of an active abuse by attackers to distribute malicious software aimed to damage or steal information from the victim’s device. The attacks are still ongoing and have been reported in Slovak cyberspace.
Abuse of this service with spread of malicious software has already been reported in Europe. Recipients received an email with a link and password, and after entering it, malicious software was downloaded and installed on the device. The subject of the report contained the title: “COVID-19: Notre accompagnement auprès de nos actionnaires” (COVID – 19 Our support to shareholders). The link was also published on the social network Twitter. Malicious software subsequently corrupted or stolen information from victims’ devices.
NCKB SK-CERT has recorded a similar way of abusing the Firefox Send service in the Slovak cyberspace – the mail, which appeared to be from a legitimate Slovak domain, but was in fact sent from a foreign domain and servers, contained the English text:
„Good afternoon, you are entitled to extra pay because of quarantine of coronavirus?
See more info:
[malicious URL link]
Password for archive: [password] “
The attackers once again took advantage of the situation regarding the spread of COVID – 19 and a reckless reaction of people who immediately opened the report and did not check the source. Because it is not necessary to have a Firefox account to access the file, attackers have only been given a convenient way to spread malware.
NCSC SK-CERT recommends in connection with ongoing attacks:
- Do not open unauthenticated messages or messages from unknown users
- Do not open suspicious attachments
- Do not open suspicious URLs, especially if they contain a link to Firefox Send and you are unaware that someone wants to share files with you through Firefox Send
- We also recommend that you do not open URL links from any other similar sharing service unless you know the sender and expect no file.
- In case of suspicion, verify the content of the message with the sender in another form (by phone, in person)
- If you’ve received an email or other message that contained a link to Firefox Send and you don’t use this service, or do not share files with anyone in this way, contact NCSC SK-CERT
« Späť na zoznam