A security researcher has discovered a web attack framework developed by a suspected Chinese government hacking group and used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents. From a report: Fifty-seven of the sites are popular Chinese portals, while the last is the site of the US newspaper the New York Times. In addition, the tool also abused legitimate browser features in attempts to collect user keystrokes, a large swath of operating system details, geolocation data, and even webcam snapshots of a target’s face — although many of these capabilities weren’t as silent as the exploits targeting third-party websites, since they also tended to trigger a browser notification prompt.
Named Tetris, the tool was found secretly uploaded on two websites with a Chinese readership. “The sites both appear to be independent newsblogs,” said a security researcher going online under the pseudonym of Imp0rtp3, who analyzed the Tetris attack framework for the first time in a blog post earlier this month. “Both [sites] are focused on China, one site [is focused on China’s] actions against Taiwan and Hong Kong written in Chinese and still updated and the other about general atrocities done by the Chinese government, written in Swedish and last updated [in] 2016,” the researcher said. According to Imp0rtp3, users who landed on these two websites were first greeted by Jetriz, the first of Tetris’ two components, which would gather and read basic information about a visitor’s browser.