Edition Zdnet noticed that over the past two weeks, Mozilla experts have blocked 197 add-ons for Firefox, which were caught executing malicious code, stealing user data and using obfuscation to hide the source code. Extensions were blocked and removed from the Mozilla Add-on (AMO) portal, and were also disabled in the browsers of the users who installed them.
Mostly bans touched 2Ring products: these developers owned 129 malicious extensions. Basically, company add-ons downloaded and executed code from a remote server, whereas, according to Mozilla's rules, extension code should not be dynamically loaded from remote locations.
A similar ban due to the loading and execution of remote code in user browsers was imposed on six addons developed by Tamo Junto Caixa, and more three extensionsI, who turned out to be fakes for unnamed premium products.
Also, a wave of bans touched extensions that were engaged in the illegal collection of user data. Mozilla has blocked one for this reason. unnamed extension, and WeatherPool and Your Social, Pdfviewer – tools, Roolitrade and Rolimons Plus.
There were bans for "malicious behavior." Mozilla engineers blocked because of this 30 addons. So far, Mozilla lists only the identifiers of these add-ons, and not their names, that is, developers can still appeal the bans and eliminate the "malicious behavior".
One of the add-ons that already went through the appeal process was Like4Like.org, whose developers were accused of collecting and transferring to the side the credentials of users and tokens of social networking sites. Suspicious behavior was also seen in FromDocToPDF extension, which, according to Mozilla engineers, uploaded some remote content to a new Firefox tab. Addon Fake youtube downloader, in turn, was banned for trying to install malware into users ’browsers. EasySearch add-ons for Firefox, EasyZipTab, FlixTab, ConvertToPDF and FlixTab Search were banned due to collection custom searches.
In addition, Mozilla security officials banned several stages dva, nineb and three more extensions that used various techniques to obfuscate their source code. The fact is that usually add-on developers make it difficult to read code in such a way as to hide suspicious behavior.