Security researchers report that there is a currently a new attack campaign of malicious plugins that are being uploaded to the official repository of the Mozilla Firefox browser. They pose as legitimate and popular services and take both on their names and descriptions.
Microsoft Firefox’s Repository Under Attack By Malware Plugins
Security reports indicate that the repository of the Mozilla Firefox web browser is actively being attacked by various hacker groups that attempt to upload malware plugins, alternatively known as hijackers. The worrying fact is that a small number of them have been allowed on the plugin store. Even though the Mozilla moderation team is actively sweeping the dangerous ones there are several hijackers that have been allowed on the store for a longer duration: “Adobe Flash Player”, “ublock origin Pro”, and “Adblock Flash Player”.
The hijackers pose as being posted by legitimate developers and may include elaborate descriptions and fake user reviews in order to lure in more users. Such phishing scams make it be hard to distinguish the fake releases from the original ones as there may be very subtle differences. For example this can the different file name of the provided package — symbols or version numbers may be added that may not correspond to the legitimate release.
To a large extent the filtering of possibly malicious content uploaded to the repository is monitored by automated filters that can be bypassed if certain weaknesses in the system are found. However soon after upload human-made checks can be made. We recommend that all users carefully review what plugins they have installed and verify if they are signed by a legitimate developer.