From engadget.com
Many hackers won’t touch web browsers beyond exploiting their vulnerabilities, but one group is taking things one step further. Kaspersky has detailed attempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation that negotiates TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.