Recently, news sent shivers down the spines of Firefox users. Not one but two security vulnerabilities were revealed within the popular web browser, known for its built-in privacy and security. Unfortunately, these uncovered chinks in the digital armor gave way to a hacker attack. The as-yet-unknown cybercriminals used these flaws to target employees of Coinbase, a crypto exchange. Fortunately, Coinbase was able to fight off the attack, and Mozilla patched the bug quickly.
What is most interesting about this attack is that macOS’ native protection mechanisms didn’t catch it. Here’s why.
The two flaws found in Firefox are categorized as zero-day vulnerabilities. This means they were known to the attackers but not to Mozilla, the browser’s developer. Thus, the latter had literally zero days to prevent the attack.
The first bug allowed remote code execution, so the hackers could remotely run malicious code within Firefox. The second vulnerability allowed them to go further and execute their code on the user’s operating system.
In order to effectively exploit these vulnerabilities, hackers needed efficient malware. To deliver it, they sent scam emails to Coinbase experts. For malware they chose what is now identified as OSX.Netwire.A. In this detailed research, Patrick Wardle, a cybersecurity expert, explains how this malware (or at least its predecessor) has actually been known to Apple since 2012. Still, macOS’ native protection mechanisms, namely Gatekeeper and XProtect, could only have recognized OSX.Netwire.A if it had been downloaded by the user. Because it was injected through the Firefox vulnerabilities, it went undetected by these security systems.
So, what does this virus do? “Basically, it can collect information, create screenshots, and even execute arbitrary code in user computers. In the recent attack, the aim was to steal logins and passwords of the employees of Coinbase and, probably, other organizations,” explains Oleh Levytskyi, Analyst for MacKeeper Anti-Malware Lab. “Fortunately, they recognized the attack. Now the command-and-control server—the ‘heart’ of the attack—is down, so this threat is largely neutralized.”
Many users would like to know how to upgrade Mozilla Firefox to a safe version. Conveniently, Mozilla can apply security updates automatically, so you only have to restart Firefox to receive the newest version.
How is this important to you?
This case is one in a long string of incidents involving well-known digital products, which we all would like to count on in terms of security. Some recent scandals with services like WhatsApp and Instagram prove that users can’t be 100% sure about any popular product they use.
What is more, Mac users can’t fully rely on the system’s added protection mechanisms. Strong as they are, they’re still vulnerable to exploits similar to this recent one.
As a result, you need to take additional steps to protect yourself, and the MacKeeper team is here to back you up.
How MacKeeper can help
Our team keeps an eye on any new viruses out there in order to include their technical descriptions in MacKeeper and be able to detect and ultimately eliminate them.
“It is our primary goal to react quickly to all the new threats on the web. Thus, we do our best to constantly update MacKeeper and provide the best protection for our users,” says Tatiana Pyasetskaya, MacKeeper Product Manager.
The newest version of MacKeeper can protect you from the malware used in this recent Firefox virus attack as well as from multiple other threats. Just make sure you have the proper MacKeeper version: