Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Password Stealing Firefox Add-On Surfaces

A malicious Firefox add-on was discovered this week that managed to be uploaded to and hosted on the official Mozilla Add-ons site.

Mozilla Sniffer Add-On

A malicious Firefox add-on was discovered this week that managed to be uploaded to and hosted on the official Mozilla Add-ons site.

Mozilla Sniffer Add-On

A Firefox add-on called “Mozilla Sniffer” had been uploaded to the addons.mozilla.org site on June 6th and identified as malicious and removed on July 12th. The “Mozilla Sniffer” add-on was programmed to capture login data submitted to any Web site and send this data to a remote server controlled by cybercriminals. When discovered, the add-on was promptly disabled and added to the Firefox “Add-On Blocklist,” which should prompt users to uninstall the malware which solves the problem.

Mozilla recommends that anyone who has installed the Mozilla Sniffer add-on change their passwords as soon as possible.

Mozilla said that “Mozilla Sniffer” was downloaded approximately 1,800 times and as of July 13th, shows 334 active daily users. Mozilla also noted in a blog post that the server which was set to receive the captured data seems to be down, so it is unknown if data is still being collected.

Mozilla is developing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site.

Resource: Netcraft has an interesting article with some more technical analysis and information on the discovery

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...