According to ZDNet, hackers have been attempting to phish Coinbase staff with emails containing links to malicious websites. If links were clicked when using Firefox, it would automatically download and run malware on the system, stealing browser passwords and other sensitive data.
Selena Deckelmann, senior director for Firefox browser engineering, previously told Hard Fork: “On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign. In less than 24 hours, we released a fix for the exploit.”
Firefox‘s version 67.0.4 fixes a separate “zero-day” vulnerability used as a “sandbox escape” when exploiting the flaw disclosed on Monday.
The attacker’s apparent end-game has been to break into Coinbase‘s backend network to steal funds from the cryptocurrency exchange directly, but employees have reportedly blocked all attempts so far (and now with Mozilla‘s latest patch, they should be out of luck).
It’s still unclear exactly how the hackers discovered the vulnerabilities. Even more worrisome, a Coinbase representative told reporters the attacks happened for weeks before they were detected.
The spokesperson also confirmed the hackers have targeted users of other cryptocurrency services, unlike the Coinbase attacks, which seem to strictly concern staff.
With this in mind, Firefox users are advised to update their browsers immediately to the latest version.