Nearly 200 Malicious Firefox Extensions Blocked in the Last Two Weeks
According to a report by ZDNet, Mozilla has blocked 197 Firefox add-ons over the past two weeks after discovering that they executed malicious code, stole user data, or used obfuscation techniques to hide their source code. These extensions were removed from the Mozilla Add-on (AMO) portal and disabled in the browsers of users who had installed them.
Main Offenders and Reasons for Bans
The majority of the bans targeted products from the company 2Ring, which was responsible for 129 of the malicious extensions. Most of these add-ons downloaded and executed code from a remote server, which is a violation of Mozilla’s rules that prohibit extensions from dynamically loading code from external sources.
Similarly, six add-ons developed by Tamo Junto Caixa and three more that were counterfeit versions of unnamed premium products were banned for the same reason—downloading and executing remote code in users’ browsers.
Extensions Collecting User Data
The wave of bans also affected extensions that illegally collected user data. Mozilla blocked one unnamed extension for this reason, as well as the following:
- WeatherPool and Your Social
- Pdfviewer – tools
- RoliTrade
- Rolimons Plus
Other Malicious Behaviors
Mozilla engineers also blocked 30 add-ons for “malicious behavior.” At this time, Mozilla has only published the identifiers of these add-ons, not their names, allowing developers the opportunity to appeal the bans and address the issues.
One add-on that has already gone through the appeals process is Like4Like.org, whose developers were accused of collecting and transmitting users’ account credentials and social network tokens. Suspicious behavior was also observed in the FromDocToPDF extension, which reportedly loaded remote content into new Firefox tabs. The Fake Youtube Downloader add-on was banned for attempting to install malware in users’ browsers. Other extensions, including EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search, were banned for collecting users’ search queries.
Obfuscated Code
Additionally, Mozilla’s security team banned two, nine, and then three more extensions in several waves for using various techniques to obfuscate their source code. Typically, add-on developers use obfuscation to make their code harder to read and to hide suspicious behavior.