Android Firefox Zero day exploit up for sale by a Russian Hacker

A underground hacker from Russia with handle ‘fil9”  posted a zero day android exploit for sale. (screenshot below)

This zero day exploit works on Firefox 23/24/26 as claimed by the author. Joshua from Malwarebytes spotted this advertisement on Inj3ct0r, an exploit database, where the author was selling the zero day for $460 Us dollars.

As per Malware bytes   The exploit forces the mobile browser to download and execute a (possibly) malicious app.

fil9 shows the exploit in action, downloading and installing what appears to be an update for Firefox. However, when the “update” is executed automatically, viewers can see the potential for malicious code to be inserted.”

Android_zeroday_malware

However the user must allow installation of the app from an unknown source, which is typically not a recommended policy.

“The biggest problem in this situation is that Firefox automatically executes certain known files once they’re downloaded, and doesn’t give users an option to disable this. Without some sort of prompt, users have no idea that an external app has just been executed.” as explained by Malwarebytes.

“fil9” demonstrates using YouTube video.

Share Button

Subscribe / Share

Article by mobilesecuritythreat.com

Security by Passion !
mobilesecuritythreat.com tagged this post with: Read 115 articles by

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Monthly Newsletter

MobileSecurity Threat email subscription