Comment by gus_

absolutely. These attacks will evolve for sure, like the malware evolved on Microslop for years.

But for the time being, the common entry vector is clear:

https://github.com/evilsocket/opensnitch/discussions/1119

> 2) trigger a tab open to attacker's website

be sure not to use extra cli parameters like "firefox --new-tab <url>", because if the rule is filtering by process path + cmdline it'll trigger a pop-up to allow the outbound request.