Russian Hacker put up an Android Firefox Zero-Day Exploit for Sale


A Russian exploit writer and underground hacker who goes by the handle “fil9” has put an Android Firefox zero-day exploit up for sale on an open exploit market.
The author claims a zero-day vulnerability in Firefox for Android that works on Firefox versions 23/24/26 (Nightly).
The advertisement was spotted by Joshua, Malware Intelligence Analyst at Malwarebytes. The hacker is selling the exploit with a starting price of $460.
According to the proof-of-concept video uploaded by the hacker, the exploit forces the mobile Firefox browser to download and execute a malicious app when the user merely visits a malicious link.

What’s worrisome is that many major websites are compromised frequently, and a large number of visitors to those hacked sites can fall victim to this attack.

“The biggest problem in this situation is that Firefox automatically executes certain known files once they’re downloaded, and doesn’t give users an option to disable this. Without some sort of prompt, users have no idea that an external app has just been executed,” Joshua explained.
An attacker can use social engineering tricks such as phishing to get the user to click a malicious link, thereby exploiting them.
Android Firefox users are advised to switch to an alternate browser until Mozilla patches the vulnerability.