The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. The attack chain begins with spear-phishing email messages that attempt to trick victims into visiting websites that asked them to install a Flash update to view the sites content. Researchers from Proofpoint discovered that the websites were set up to serve the malicious add on only to Firefox users with an active Gmail session. Once installed the FriarFox browser extension, attackers gained access to the user’s Gmail account and FireFox browser data.”]
Source: https://securityaffairs.co/wordpress/115030/apt/china-ta413-targets-tibet.html