Hackers have figured out a way to upload a malicious ad to websites that steals files stored on Firefox users’ computers when the ad is clicked. The files are then uploaded to a server that security experts believe is in Ukraine.
The campaign was uncovered by Mozilla security lead Daniel Veditz in a blog post.
“A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine,” the blog post read.
Veditz said the extent and purpose of the attack remains unknown as it uses advanced evasion techniques, though it is likely other services are hosting the dangerous ad.
“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed,” noted Veditz.
While the number of websites affected remains unknown, its potential for harm is high. Firefox is listed by analytics firm StatCounter as the third-most used web browser in the world. StatCounter currently lists Firefox as controlling 16% of the browser market.
Veditz said the nature of the exploit means Firefox users that fall victim to the campaign will have no clue their data has been stolen and should preemptively change their passwords.
“The exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords,” he said.
The fix for the vulnerability is available now and Firefox users are recommended to update their browser as soon as possible.
The Firefox attack is one of many recently uncovered espionage campaigns. Researchers at FireEye uncovered a surveillance operation targeting iPhone users earlier this week. The campaign let hackers install dodgy data harvesting apps on non-jailbroken iPhones without the user’s consent.