Android Firefox Zero-Day exploit available on the underground

A researcher at Malwarebytes has discovered that a Russian hacker recently released an Android Firefox Zero-Day exploits on the underground.

A new Android Firefox Zero-Day Exploit is available on the underground market for sale, a Russian exploit writer known as “fil9” has proposed it in the open exploit market with a starting price of $460.

The advertisement on the Android Firefox Zero-Day was discovered by Joshua Cannell, Malware Intelligence Analyst at Malwarebytes, on the exploit database Inj3ct0r.

The Android Firefox Zero-Day Exploit works on Firefox versions 23/24/26 (Nightly) according the Russian hacker. The author included in the advertisement a proof of concept video to show how the hacker exploits the Android Firefox Zero-Day to download and execute a malicious app, just visiting a malicious link only. This last detail on way of infection is considered really concerning due the large number of compromised websites that serve malware to a wide audience of visitors.

The deploy and execution of a malicious app is possible only if users allow installation of Android apps (APKs) from unknown sources, a wrong choice to keep secure the Android mobile.

“The biggest problem in this situation is that Firefox automatically executes certain known files once they’re downloaded, and doesn’t give users an option to disable this. Without some sort of prompt, users have no idea that an external app has just been executed.” states the post.

The exploit could be served by luring victims with social engineering techniques, such as phishing, getting the user to click a compromised link.

Following the POC video waiting for the fixing of the Android Firefox Zero-Day vulnerability, in the video Russian hacker fil9 shows the exploit in action, ‘downloading and installing what appears to be an update for Firefox. However, when the “update” is executed automatically, viewers can see the potential for malicious code to be inserted.’

Pierluigi Paganini

(Security Affairs – Android Firefox Zero-Day, cybercrime, Android)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.