Mozilla Firefox Malware Plugins Plague The Official Repository
NEWS

Mozilla Firefox Malware Plugins Plague The Official Repository

Security researchers report that there is a currently a new attack campaign of malicious plugins that are being uploaded to the official repository of the Mozilla Firefox browser. They pose as legitimate and popular services and take both on their names and descriptions.




Microsoft Firefox’s Repository Under Attack By Malware Plugins

Security reports indicate that the repository of the Mozilla Firefox web browser is actively being attacked by various hacker groups that attempt to upload malware plugins, alternatively known as hijackers. The worrying fact is that a small number of them have been allowed on the plugin store. Even though the Mozilla moderation team is actively sweeping the dangerous ones there are several hijackers that have been allowed on the store for a longer duration: “Adobe Flash Player”, “ublock origin Pro”, and “Adblock Flash Player”.

Related:
The popular Flipboard online service has been hacked by an unknown criminal collective, read more about the incident in our article
Flipboard Hacked: Criminals Acquired Account Data

The hijackers pose as being posted by legitimate developers and may include elaborate descriptions and fake user reviews in order to lure in more users. Such phishing scams make it be hard to distinguish the fake releases from the original ones as there may be very subtle differences. For example this can the different file name of the provided package — symbols or version numbers may be added that may not correspond to the legitimate release.

To a large extent the filtering of possibly malicious content uploaded to the repository is monitored by automated filters that can be bypassed if certain weaknesses in the system are found. However soon after upload human-made checks can be made. We recommend that all users carefully review what plugins they have installed and verify if they are signed by a legitimate developer.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...