A researcher at Malwarebytes has discovered that a Russian hacker recently released an Android Firefox Zero-Day exploits on the underground.
The advertisement on the Android Firefox Zero-Day was discovered by Joshua Cannell, Malware Intelligence Analyst at Malwarebytes, on the exploit database Inj3ct0r.
The Android Firefox Zero-Day Exploit works on Firefox versions 23/24/26 (Nightly) according the Russian hacker. The author included in the advertisement a proof of concept video to show how the hacker exploits the Android Firefox Zero-Day to download and execute a malicious app, just visiting a malicious link only. This last detail on way of infection is considered really concerning due the large number of compromised websites that serve malware to a wide audience of visitors.
The deploy and execution of a malicious app is possible only if users allow installation of Android apps (APKs) from unknown sources, a wrong choice to keep secure the Android mobile.
“The biggest problem in this situation is that Firefox automatically executes certain known files once they’re downloaded, and doesn’t give users an option to disable this. Without some sort of prompt, users have no idea that an external app has just been executed.” states the post.
The exploit could be served by luring victims with social engineering techniques, such as phishing, getting the user to click a compromised link.
Following the POC video waiting for the fixing of the Android Firefox Zero-Day vulnerability, in the video Russian hacker fil9 shows the exploit in action, ‘downloading and installing what appears to be an update for Firefox. However, when the “update” is executed automatically, viewers can see the potential for malicious code to be inserted.’