It has recently been reported that the Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was part of the non-profit’s Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.
<p>For adversaries to successfully adopt an icon that is so well established for both safety and security as a tool for deception, is extremely unsettling. The secure-lock-icon is a symbol computer users are specifically taught to identify when establishing the legitimacy of a site. For attackers to successfully implement a symbol, which is held to such a high standard for computer security, on a malicious site is a tactic which shall be sure to capture the attention of other malicious operatives to arrogate as part of their own toolsets.</p> <p> </p> <p>For Firefox users, it is essential that the recent Firefox 88 update is implemented to ensure users do not fall victim to this technique. We have recently seen an uptick in sophisticated threat groups adopting proficient imagery spoofing techniques to deceive victims. Just this week, another campaign disseminated by the infamous Lazarus group has been uncovered utilising BMP imagery to disseminate their malicious tooling.</p>