Android Firefox Zero-Day exploit available on the underground

A new Android Firefox Zero-Day Exploit is available on the underground market for sale, a Russian exploit writer known as “fil9” has proposed it in the open exploit market with a starting price of $460.

 

The deploy and execution of a malicious app is possible only if users allow installation of Android apps (APKs) from unknown sources, a wrong choice to keep secure the Android mobile.

“The biggest problem in this situation is that Firefox automatically executes certain known files once they’re downloaded, and doesn’t give users an option to disable this. Without some sort of prompt, users have no idea that an external app has just been executed.” states the post.

The exploit could be served by luring victims with social engineering techniques, such as phishing, getting the user to click a compromised link.

Following the POC video waiting for the fixing of the Android Firefox Zero-Day vulnerability, in the video Russian hacker fil9 shows the exploit in action, ‘downloading and installing what appears to be an update for Firefox. However, when the “update” is executed automatically, viewers can see the potential for malicious code to be inserted.’