Hackers Patch Web Browsers to Track Encrypted Traffic
Credit: Bleeping Computer
Researchers have found a new piece of malware, likely from an advanced threat group, that can patch Chrome and Firefox browsers to identify the encrypted traffic from a victim's computer.
The threat adds Transport Layer Security (TLS) certificates to the victim host, which help carry out man-in-the-middle (MitM) attacks on encrypted traffic.
Named Reductor, the threat was spotted in a campaign at the end of April that continued at least until August. Apart from TLS traffic manipulation, it comes with the typical assortment of remote access functions - upload, download, and execute files.