Malicious Software Distributed as Fake Firefox Updates
Several malicious browser add-ons for Firefox have been discovered online, being distributed through websites disguised as legitimate updates. These sites trick users by using a combination of pop-up windows and Javascript elements, according to a report by BleepingComputer.
Reporters from the publication found over 100 malicious domains, each distributing its own add-on. These harmful add-ons use names such as Time Tracking, FF Helper Checker, FF AdBlock Protection, FF Search Informer, and others.
Domains Involved in the Distribution
- protectantivirext.biz
- protecttoolext.com
- guardwebext.xyz
- websurfaid.xyz
- adblockprotectionext.biz
- helpercheckerextt.biz
Once installed, these add-ons display unwanted ads, hijack links, and launch a Monero cryptocurrency miner in the browser. Additionally, the malware blocks access to the Firefox add-ons page, making it difficult to remove.
Video Demonstration of the Attack
A video demonstrating the attack is available in the original report.