Ransomware

Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware 

Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware.

Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware.

Mozilla issued a warning this week over malicious websites offering Thunderbird downloads after a ransomware group was caught using this technique to deliver malware.

Cybersecurity journalist Brian Krebs reported last week that a website where the Snatch ransomware group names victims had been leaking data, including visitor IPs and information on internal operations.

According to Krebs, the leaked data suggests that the Snatch cybercrime group has been using paid Google ads to deliver its malware disguised as popular applications such as Adobe Reader, Discord, Microsoft Teams, and Mozilla Thunderbird. 

Following Krebs’ findings, Mozilla issued a ‘ransomware alert’ this week, advising users to only download Thunderbird from trusted websites.

Mozilla noted that it’s actively trying to take down malicious websites offering Thunderbird, but they are hosted in Russia, which makes takedowns “difficult and often not effective”.

Thunderbird has a market share of less than one percent in the email client category. However, that still translates to a significant number of individuals and organizations, which could be targeted by the Snatch ransomware.

The US government issued an alert recently, warning critical infrastructure organizations of ongoing Snatch ransomware attacks.

Related: FBI Warns Organizations of Dual Ransomware, Wiper Attacks

Advertisement. Scroll to continue reading.

Related: After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery

Related: Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird

Related Content

Ransomware

The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals.

Ransomware

Ransomware insights: When ransomware first appeared, the term became associated with encrypting data. This is a misconception.

Ransomware

German control system solutions provider PSI Software says it is still recovering from a ransomware attack.

Threat Intelligence

The ransomware threat is declining as actors pivot to infostealing, according to IBM, which says that attacks on cloud services and critical infrastructures are...

Ransomware

Cactus ransomware has added Schneider Electric to its leak site, claiming to have stolen 1.5 terabytes of data.

Ransomware

The LockBit ransomware operation has been severely disrupted by an international law enforcement operation resulting in server seizures and arrests.

Data Breaches

The BlackCat/Alphv ransomware group has taken credit for the LoanDepot and Prudential Financial attacks, threatening to sell or leak data.

Ransomware

The US announces a $10 million reward for information on key members of the Alphv/BlackCat ransomware group.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version