- Mozilla is warning its dev community of an ongoing attack
- The attackers want access to the devs’ accounts
- Tainting browser addons with malware could be the play here
Mozilla is warning its developer community they are at risk of being targeted by devious new phishing attacks urging them to “exercise extreme caution and scrutiny” when receiving emails claiming to have come from either Mozilla, or AMO (addons.mozilla.org).
“Phishing emails typically state some variation of the message “Your Mozilla Add-ons account requires an update to continue accessing developer features,”” the company said in its description of what the targets could expect.
The company did not say who the threat actors are, what they’re looking to achieve, or how successful they are – however, given browser add-on developers are being targeted, it’s safe to assume the miscreants are looking for a way to compromise the products with malware.
Supply chain attacks
Browser add-ons are tiny programs that add extra features or functions to a web browser, and users usually install them to customize or enhance their browsing experience.
Some of the most popular addons include ad blockers, spelling and grammar checkers, password managers, screenshot tools, and VPNs or privacy tools.
By tainting the solutions with malware, cybercriminals can engage in supply chain attacks, gaining access to people’s bank accounts, social media accounts, cryptocurrency tokens and NFTs, passwords, session cookies, and more.
It’s a common attack vector, too. Less than a month ago, it was reported that many Chrome and Edge addons, including several prominent products, were found spying on users and communicating with a third-party server.
At the time, security researchers from Koi Security reported that a seemingly benign Chrome add-on called “Color Picker, Eyedropper — Geco colorpick”, which allows users to quickly identify and copy color codes from any point within their browser, was secretly a malware.
While working as advertised, and having thousands of downloads and positive reviews, the add-on also did something in the background – it hijacked browser activity, tracked the websites users were visiting, and communicated with remote C2 infrastructure.
This discovery led them down a path that uncovered an entire web of add-ons, all doing similar things.
Via The Register
