CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Password Stealing Firefox Add-On Surfaces

A malicious Firefox add-on was discovered this week that managed to be uploaded to and hosted on the official Mozilla Add-ons site.

Mozilla Sniffer Add-On

A malicious Firefox add-on was discovered this week that managed to be uploaded to and hosted on the official Mozilla Add-ons site.

Mozilla Sniffer Add-On

A Firefox add-on called “Mozilla Sniffer” had been uploaded to the addons.mozilla.org site on June 6th and identified as malicious and removed on July 12th. The “Mozilla Sniffer” add-on was programmed to capture login data submitted to any Web site and send this data to a remote server controlled by cybercriminals. When discovered, the add-on was promptly disabled and added to the Firefox “Add-On Blocklist,” which should prompt users to uninstall the malware which solves the problem.

Mozilla recommends that anyone who has installed the Mozilla Sniffer add-on change their passwords as soon as possible.

Mozilla said that “Mozilla Sniffer” was downloaded approximately 1,800 times and as of July 13th, shows 334 active daily users. Mozilla also noted in a blog post that the server which was set to receive the captured data seems to be down, so it is unknown if data is still being collected.

Mozilla is developing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site.

Resource: Netcraft has an interesting article with some more technical analysis and information on the discovery

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.