1. Home >
  2. Internet & Security

Firefox Zero-Day Used to Install Mac Malware

Mozilla issued an emergency Firefox patch earlier this week, citing a dangerous zero-day exploit. Because it believed hackers were exploiting the flaw in the wild, Mozilla declined to provide details on the nature of the problem. There are some additional details now, and they suggest the focus of the attack is on cryptocurrency exchange employees.
By Ryan Whitwam
firefox quantum
Mozilla issued an emergency Firefox patch earlier this week, citing a dangerous zero-day exploit. Because it believed hackers were exploiting the flaw in the wild, Mozilla declined to provide details on the nature of the problem. There are some additional details(Opens in a new window) now, and they suggest the focus of the attack is on cryptocurrency exchange employees. The vulnerability came as a result of JavaScript flaws that malicious actors could use to produce an exploitable browser crash. That opened the door to running remote code on the system. As second related vulnerability allowed attackers to break out of the Firefox security sandbox and into the operating system. Mozilla issued the JavaScript patch on Tuesday and the sandbox fix on Thursday. Before either of those patches rolled out, Mozilla became aware of an attack leveraging both vulnerabilities. At the time, we only knew the attacks had something to do with Coinbase as the initial bug report came from a researcher who works on both Google's Project Zero and the Coinbase security team. Now, Coinbase's head of security Philip Martin says the attack was aimed at Coinbase employees and not users. Martin also notes that other exchanges were targeted in the attacks, although none have stepped forward. Meanwhile, Apple security expert Patrick Wardle published an analysis of malware that appears to have installed itself on a fully updated Mac. The hash provided by Wardle matches one from Martin, and the victim of the attack was involved with a cryptocurrency exchange until very recently. Unfortunately, the malware is novel and avoided Apple's protection mechanisms, but Wardle believes that Apple will have a patch to change the way macOS scans files downloaded by applications rather than the user. Wardle also has a copy of the phishing email sent to the victim, who says the attack consisted of a so-called "drive-by download" in Firefox. The website has since vanished, though. The aim was probably to gain access to the crypto wallets used by exchanges to move funds. The malware samples collected from this attack are only compatible with macOS, but one of the command and control servers has also been known to control Windows malware. It's possible a Windows version of the attack exists in the wild but has evaded detection thus far. Now read:

Tagged In

MacOS Security Malware Apple Mozilla

More from Internet & Security

Examples of posts with Meta's "Made with AI" label on them.
Meta Will Begin Labeling AI-Generated Content. Is It Enough to Combat Misinformation?
By Adrianna Nine
Close-up of the YouTube listing in the iPadOS App Store.
YouTube Cracks Down on Third-Party Media Players That Block Ads
By Adrianna Nine
Someone typing on a computer keyboard.
US Cybersecurity Agency Will Review Malware Samples Sent by the Public
By Adrianna Nine
Twitter fire
Twitter Tries, Fails, to Swap its URLs for X.com
By Ryan Whitwam
iPhone face-down on a table.
iPhone Users in 92 Countries Receive Warning About 'Mercenary Spyware Attack'
By Adrianna Nine
Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of use(Opens in a new window) and Privacy Policy. You may unsubscribe from the newsletter at any time.
Thanks for Signing Up