Users who set their language settings in their browser to Chinese and who visited popular Chinese websites in the past few months were at risk of being spied on. An IT security expert with the pseudonym Imp0rtp3 has found a “Tetris” framework for a large-scale web attack with which security gaps on 58 popular portals could be exploited. 57 of them are in Chinese. The only affected English language offering is the New York Times website.
The attackers could according to the researcher’s analysis also misuse legitimate browser functions with the instrument in order to collect keystrokes from the user, a variety of operating system details, location data and even recordings of the target person’s face via an installed webcam. More conspicuous, however, were the exploits aimed at vulnerabilities in third-party web portals: These usually also triggered a notification request via the browser.
Protection with NoScript
Imp0rtp3 came across the spy tool on two news blogs with a Chinese readership. One page, which is still regularly updated, was directed at activities by the Chinese government against Taiwan and Hong Kong. On the other portal, written in Swedish, general atrocities of the communist regime were discussed until 2016. Readers were initially “welcomed” by the first of the two Tetris components in the form of Jetriz. This component has collected and read out the basic information about the visitor’s browser.