Left: Real manifest.json Right: Fake manifest.json This allows the extension to load scripts into the browser and potentially modify what the user sees and interacts with on various web pages. In this attack, this modified file widened the scope by adding content scripts. The manifest.json file in web extensions states explicit permissions and scope of activity the web extension will commit. Including details like normal extensions in the trojanized version of Tor could prevent eagle-eyed users from catching red flags that indicate they’re using a fake browser. The attackers used a fake HTTPS Everywhere extension in their campaign because Tor does in fact package the HTTPS Everywhere and No Script extensions into its browser. In this case, attackers also faked EFF’s own HTTPS Everywhere extension using a modified manifest.json file with a few settings changes. It only means that attackers found a new, insidious way to create and distribute a fake version of the Tor Browser. This does not mean that Tor or Tor Browser itself is compromised in any way. ESET researchers recently discovered a false “ trojanized ” version of Tor Browser that collectively stole $40,000 USD in Bitcoin.
0 Comments
Leave a Reply. |