Jump to content

A wave of malware add-ons hit the Mozilla Firefox Extensions Store


Recommended Posts

A wave of malware add-ons hit the Mozilla Firefox Extensions Store

If you browse the official Mozilla store for Firefox extensions, called Mozilla AMO, you may stumble upon extensions that have names of popular software products or extensions.

 

Extensions like Adobe Flash Player or ublock Origin Pro are listed in the Mozilla AMO store currently. These have no users at the time of writing as they are brand new and they appear to have been created and uploaded by random users (Firefox user xyz).

 

firefox extensions spam

 

The extensions have no description and they require access to all data for all websites. When you download the extensions, you may notice that the name of the extension does not necessarily match the downloaded file name. The download if ublock origin pro returned a adpbe_flash_player-1.1-fx.xpi file.

 

The actual extensions have different file sizes and their functionality may differ as well. All have in common that they listen to certain user inputs and send these to a third-party web server.

 

The uBlock copycat extension sends form data to a web server, the first Adobe Flash Player copycat that I checked logged all keyboard inputs and did the same.

 

Mozilla will remove the extensions once it notices them. The problem here is that this happens after the fact. The spam extensions may turn up in user searches and they also turn up when you sort by recent updates.

 

Mozilla switched from a "review first, publish second" to a "publish first, review second" model in 2017. Any extension uploaded to Mozilla AMO that passes automated checks is published first with the exception of extensions of the Firefox Recommended Extensions program.

 

Google does the same thing but does not even review extensions manually after publication. The process leads to faster publications but also opens the door for spam and malicious extensions.

Closing Words

Malicious or spam extensions that use the names of popular extensions or programs are not anything new. Mozilla's AMO store was hit with waves of spam extensions in 2017 and 2018, both happened after Mozilla switched the release process.

 

Google's Chrome Web Store was hit even harder by unwanted extensions in recent years. Chrome's popularity and the fact that Google does not review any extensions manually by default play a role here.

 

While it is easy to spot these particular fake extensions, others may not be as easy to spot. Back in 2017 I suggested Mozilla add a "manual reviewed" batch to extensions to give Firefox users more confidence in the legitimacy of extensions on the official add-ons repository.

 

Source: A wave of malware add-ons hit the Mozilla Firefox Extensions Store (gHacks - Martin Brinkmann)

  • Like 3
Link to post
Share on other sites
  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • Karlston

    1

Popular Days

Top Posters In This Topic

Popular Posts

A wave of malware add-ons hit the Mozilla Firefox Extensions Store If you browse the official Mozilla store for Firefox extensions, called Mozilla AMO, you may stumble upon extensions that hav

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...