Most hackers won’t look beyond exploiting basic weaknesses in web browsers, but one hacker collective has gone a step further. According to Kaspersky, Turla, a Russian group, has attempted to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox.
The group first infects systems with a remote access trojan and uses it to modify the browsers: first by installing its own certificates (to intercept TLS traffic from the host), and afterward by patching the pseudo-random number generation that negotiates TLS connections. That allows them to add a fingerprint to every TLS action and passively track secure traffic.
The motives of these hackers are unclear as of yet: once a system is infected with a remote access trojan, they don’t need to patch the browser to spy on traffic. According to reports, it might be a failsafe method that lets them keep spying on the traffic of users who remove the trojan but don’t reinstall their browsers.
The hacker collective itself is easier to identify: Turla is thought to be protected by the Russian government, and the initial targets are based in Russia and Belarus.