Mozilla Firefox Extensions Store Hit by Malware Add-ons

[labbe5]

https://www.ghacks.net/2019/05/29/anoth ... ons-store/

Extensions like Adobe Flash Player or ublock Origin Pro are listed in the Mozilla AMO store currently. These have no users at the time of writing as they are brand new and they appear to have been created and uploaded by random users.

The uBlock copycat extension sends form data to a web server, the first Adobe Flash Player copycat that I checked logged all keyboard inputs and did the same.

[bigpup]

This tells you why it is happening.

Mozilla switched from a "review first, publish second" to a "publish first, review second" model in 2017. Any extension uploaded to Mozilla AMO that passes automated checks is published first with the exception of extensions of the Firefox Recommended Extensions program.

Google does the same thing but does not even review extensions manually after publication. The process leads to faster publications but also opens the door for spam and malicious extensions.

[Lobster]

Does anyone know if the PaleMoon extensions are any better?

'My' computer may have been compromised by it trying to install Flash (not the saviour of the universe as previously advertised/compromised)

[8Geee]

C'mon back to Firefox27... you know you like it

[musher0]

Use links?

[slavvo67]

And... this is why we do not partake of add-ons.

[8Geee]

Using the 'linux' platform for the addons reveals none of the offensive malwarez. It didn't take more than ONE WEEK to filter out the scum and crap. But as noted, its after-the-fact.
And that isn't really of any help.

Regards
8Geee