Mozilla Firefox's extension store being flooded with malware

Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.

The browser maker urged devs to "exercise extreme caution and scrutiny" when reviewing seemingly legitimate emails from senders pretending to be Mozilla or AMO (addons.mozilla.org).

Although phishing emails can take many forms, Moz said this campaign usually lures devs into clicking through a malicious link to update their account. Failure to do so, or so the crims claim, would result in the dev losing access to developer features.

The company did not specify the motivations behind the phishing attacks, although it can be reasonably assumed that if developers are being targeted, gaining access to trusted developer accounts is likely the game plan.

Mozilla was also quiet on the scale and success of the phishers' efforts thus far, but given the spate of scammy extensions targeting crypto users of late, gaining access to trustworthy developer accounts could be used to push more of these credential-stealing add-ons.

Lukasz Olejnik, an independent security and privacy researcher, said there are many of these extensions about, with new ones popping up regularly. Their primary aim is to steal seed phrases, which can be used to remotely recover and take control of wallets.

"It's a constant cat-and-mouse game: attackers upload them, browser vendors try to catch and remove them, only for new versions to pop up again," he blogged.

"At this point, it's safest to assume that most crypto-related Firefox extensions contain malware. Especially those that are new, or have few users. In fact, every such extension should be considered compromised by default and avoided completely. Stay alert."

Koi Security published research in July that found more than 40 malicious Firefox add-ons were being used as part of a single campaign, all designed to steal crypto wallet credentials.

They appear to be legitimate wallet tools developed by trusted crypto wallet brands such as Coinbase, MetaMask, OKX, and more, but once installed, they silently exfiltrate wallet secrets, like seed phrases.