Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Firefox Add-On. Show all posts

Malicious Add-Ons Blocked by Mozilla Firefox

 

The Mozilla Firefox team recently restricted add-ons that have been misusing the proxy API, preventing approximately 455,000 users from upgrading their browsers. 

Mozilla's development team members Rachel Tublitz and Stuart Colville claimed in a Monday post that they had found the rogue add-ons in early June. The add-ons were exploiting the proxy API, that is used by APIs to manage how Firefox connects to the internet. 

Add-ons are advanced software pieces that may be installed to Firefox or other programs to personalize the browser by performing things like limiting tracking, removing advertisements, downloading movies from websites, or translating information. 

However, from the other extreme, they may be malicious tiny creatures that install malware, such as the 28 Facebook, Vimeo, Instagram, as well as other add-ons discovered by experts last year in widely utilized Google and Microsoft browsers. The add-ons stole private data, seemed to have the capacity to activate more malware downloads, and altered links that victims clicked on to send them to phishing sites and advertisements. 

The Firefox team stated that the problematic Firefox add-ons discovered in June, dubbed Bypass and Bypass XM, were intercepting and redirecting users from downloading updates, accessing updated blocklists, and upgrading remotely set material. Mozilla has banned the rogue add-ons from being downloaded by more users. 

According to a blog post, Mozilla is now accepting new applications. The document also includes suggested parameters for Firefox add-on developers to assist accelerate add-on evaluation. 

Mozilla has also altered how well the browser handles key queries such as update requests. Beginning with Firefox 91.1, if an essential demand is performed through a proxy configuration that fails, Firefox will fall back on direct connections. 

“Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users,” the Firefox developers said. 

To prevent such fraudulent add-ons, the team had installed a system add-on called Proxy Failover (ID: proxy-failover@mozilla.com). System add-ons — a means to ship Firefox extensions – are hidden, cannot be disabled, and may be updated without restarting the browser. According to Mozilla, Proxy Failover is now available in both current and older Firefox versions. 

Anyone who isn't using the newest version and hasn't disabled updates should check to see if they've been impacted by the malicious add-ons, according to Mozilla. The very first step is to attempt an upgrade of Firefox: Recent versions have an upgraded blocklist that removes harmful add-ons automatically.

A Malicious Firefox Add-On Targets Cryptocurrency Users

 

Covid-19 pandemic has turned the world upside down in the last year and a half, leaving us with no option but to rely more on digital solutions – from using food delivery to online banking. Needless to say, the more one relies on the digital world, the more vulnerable one becomes to online scams. 

Now, scammers are targeting cryptocurrency users via a Firefox add-on named after SafePal. Dozens of Firefox users have fallen prey to an add-on masquerading as a valid extension of the SafePal cryptocurrency hardware wallet. What’s surprising is that this malicious add-on has lived on Mozilla’s Firefox web browser for almost seven months. 

SafePal is a cryptocurrency wallet application capable of safely holding over 10,000 asset types, including Bitcoin, Ethereum, and Litecoin. It is backed by Binance and it is now being used by over 2 million users in over 146 countries across the globe. While Safepal has official smartphone apps available on both the Apple AppStore and Google Play, no genuine Safepal extensions are known to exist for the Firefox browser. 

The issue was highlighted by one of the victims, named Cali, in Firefox support group. “Today I browsed true the add-on list of Mozilla Firefox I was searching for Safepal wallet extension to use my cryptocurrency wallet also in the web browser. So, my searching ended on the following page: https://addons.mozilla.org/nl/firefox/addon/safepal-wallet/ 22,” she wrote on the support page.

“8 hours later I checked if my funds were still saved on my phone software wallet also from Safepal I saw nothing $0,- balance I was deep in shock I saw my last transactions and saw that my funs ($4000),” she added.

As reported on the Safepal Wallet home page, the add-on was released on 16 February 2021. The same page says that the 235 KB add-on is a Safepal application that securely "saves private key locally." It also has product images and convincing-looking marketing materials.

In order to publish an add-on on Mozilla's website, developers are required to follow a thorough submission process. Firefox’s developer platform says that the submitted add-ons are "subject to review by Mozilla at any time." However, the extent of such a review isn’t specified, nor has Mozilla explained how the fake add-on managed to get listed. 

Fortunately, Mozilla Firefox has taken down the extension. “When we become aware of add-ons that pose a risk to security and privacy according to our Add-on Policies, we take steps to prevent them from running in Firefox. In this instance, shortly after we became aware of potential abuse by this extension, we took action to block and remove it from the Firefox Add-on store," a Mozilla spokesperson stated.