Security researchers at Trendmicro have discovered a spyware that is installing itself as an add-on in the popular web browser Firefox. The add-on, which is then listed in the Firefox add-on list, is named Adobe Flash Player 0.2. This add-on uses a description that links itself to Adobe Flash Player 10, that looks legit at first glance. Only the low version number and the fact that it is listed under extensions and not plugins could cause suspicion by Firefox users who pay attention.
The spyware add-on itself is distributed through forums and websites but not the main Firefox add-on repository. Users are once again reminded to only install add-ons from trustworthy sources.
The spyware add-on injects ads into Google search results pages. More disturbing than that is the fact that the Google search history gets transferred to a third party website that is (most likely) run by the developers of the spyware add-on. This means that every Google search query is transferred to the third party server.
Trendmicro suspects a change in criminal behavior. The web browser that was targeted the most in past years was Microsoft’s Internet Explorer. The user increase of Firefox makes it the second most popular web browser after Internet Explorer and some spyware developers might have decided that the critical mass is large enough to develop spyware for that web browser as well. Via Trendmicro, thanks Jojo for the news.
Update: The situation is about to change. Mozilla has announced protections against third party add-on installations in the Firefox browser that can prevent the majority of insertions in the browser. Firefox users are still asked to only use the official Mozilla Add-on repository for add-on installations. Red flags should go up if an add-on is only available on third party websites and not the official Mozilla site. Mozilla checks every add-on, and even every new version of that add-on, before it becomes available publicly in the repository.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Spyware Blaster Blocks Spyware Related Threats PassivelyA Close Look At Adobe Flash Player 10.3 Beta
Adobe Flash Player Security Update Available
Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability
How To Open The Adobe Flash Player Settings In Google Chrome
And THIS is why Opera is refusing to open up for extension!!
@ Steinsk — and Fx too… with 4s delay to install it or cancel… of course if you know what are you installing…
and firstly Opera didnt have extensions… ;)
So who is collecting the search results? Can we trace it back to an author so the authorities can press criminal charges? Will Mozilla blacklist this extension (via checksum) so it CAN’T be installed? What can we do?
Probably using a hacked server for that purpose.