Firefox Malware Extensions: New Trojans Discovered

Firefox Extension Security Concerns: Trojan Infections

Last summer, concerns were raised regarding the quality of several Google Reader Notifier extensions, the behavior of NoScript, and unwanted promotional activity from Fast Dial. It was anticipated that an extension containing a full-blown trojan would eventually surface.

Previously, the issues were limited to intrusive spam links and URL tracking, which were frustrating but didn't compromise system control. However, Mozilla Add-ons recently reported the discovery of trojans within two extensions that enabled PC hijacking.

Two add-ons in development – Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer – were identified as containing Trojan code targeting Windows users. Specifically, Version 4.0 of Sothink Web Video Downloader harbored Win32.LdPinch.gen, while Master Filer included Win32.Bifrose.32.Bifrose Trojan. Both extensions have been deactivated on the Mozilla Add-ons platform.

Users who have installed either of these extensions are strongly advised to perform a comprehensive virus scan of their computers.

A Recurring Issue with Firefox Extension Security

Rather than repeating previous criticisms, it’s important to reiterate a point made during a similar incident...

The question remains: what safeguards are in place to prevent further instances of Firefox extensions becoming malicious, incorporating tracking code, or compromising user data? This has already occurred with widely used extensions. Action is needed from Mozilla to address this vulnerability.

Mozilla currently employs automated virus scanning for extensions, and has expanded its scanning capabilities in response to this latest issue. However, this approach is insufficient.

A skilled virus developer can create customized malware that evades detection by standard commercial virus scanners. While heuristic analysis may identify rootkits and advanced techniques, it won't eliminate the problem entirely.

The Core of the Problem

The primary concern isn't necessarily a traditional virus, but the potential for malicious extensions to steal sensitive information. Consider the possibility of a native Firefox extension designed to collect and transmit all stored passwords to a malicious website.

Currently, there's no security mechanism preventing add-ons from accessing personal data stored within the browser. Furthermore, standard virus scanners are unlikely to detect native Firefox extensions written in Javascript.

A Potential Solution

While a manual code review of every extension is impractical and prone to error, implementing security layers to restrict add-on access to personal browser data—unless explicitly authorized by the user—would be a sensible step.

Protecting Yourself

Before installing any extension, carefully review user feedback and ratings. Don't rely solely on endorsements; conduct independent research to verify its legitimacy.

This principle applies to all software installations. Failing to perform a virus scan before installing applications leaves your system vulnerable to compromise. Further information can be found at: Security Issue on AMO [Mozilla Add-ons Blog]

Remember to prioritize your online security and exercise caution when adding extensions to your browser.