Watch out - those Firefox add-ons could be a real threat to your entire system, Mozilla warns
Date:
Tue, 05 Aug 2025 12:24:00 +0000
Description:
Mozilla's developer community is under attack, which means addons could be compromised.
FULL STORY ======================================================================
Mozilla is warning its dev community of an ongoing attack
The attackers want access to the devs' accounts
Tainting browser addons with malware could be the play here
Mozilla is warning its developer community they are at risk of being targeted by devious new phishing attacks, urging them to exercise extreme caution and scrutiny when receiving emails claiming to have come from either Mozilla, or AMO (addons.mozilla.org).
Phishing emails typically state some variation of the message "Your Mozilla Add-ons account requires an update to continue accessing developer features," the company said in its description of what the targets could expect.
The company did not say who the threat actors are, what they're looking to achieve, or how successful they are - however, given browser add-on developers are being targeted, it's safe to assume the miscreants are looking for a way to compromise the products with malware.
Supply chain attacks
Browser add-ons are tiny programs that add extra features or functions to a web browser, and users usually install them to customize or enhance their browsing experience.
Some of the most popular addons include ad blockers, spelling and grammar checkers, password managers, screenshot tools, and VPNs or privacy tools.
By tainting the solutions with malware, cybercriminals can engage in supply chain attacks, gaining access to people's bank accounts, social media accounts, cryptocurrency tokens and NFTs, passwords, session cookies, and more.
It's a common attack vector, too. Less than a month ago, it was reported that many Chrome and Edge addons, including several prominent products, were found spying on users and communicating with a third-party server.
At the time, security researchers from Koi Security reported that a seemingly benign Chrome add-on called "Color Picker, Eyedropper Geco colorpick", which allows users to quickly identify and copy color codes from any point within their browser, was secretly malware.
While working as advertised, and having thousands of downloads and positive reviews, the add-on also did something in the background - it hijacked browser activity, tracked the websites users were visiting, and communicated with remote C2 infrastructure.
This discovery led them down a path that uncovered an entire web of add-ons, all doing similar things.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/watch-out-those-firefox-add-ons-could-be-a-real-threat-to-your-entire-system-mozilla-warns
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)