Firefox Spyware Add-On Adobe Flash Player 0.2 - gHacks Tech News

Security researchers at Trend Micro have discovered spyware that installs itself as an add-on in the popular web browser Firefox.

The add-on, which is then listed in the Firefox add-on manager, goes by the name Adobe Flash Player 0.2. Its description ties it to Adobe Flash Player 10, which makes it look legitimate at first glance.

Only the low version number and the fact that it is listed under extensions and not plugins may raise suspicion among Firefox users who pay attention.

The majority of users, on the other hand, may not pay attention to the version number at all, assuming that this is just part of Adobe Flash Player now.

The spyware add-on itself is distributed through forums and websites but not the main Firefox add-on repository. Users are once again reminded to only install add-ons from trustworthy sources.

The spyware add-on injects ads into Google search results pages. More disturbing than that is the fact that the Google search history gets transferred to a third party website that is (most likely) run by the developers of the spyware add-on. This means that every Google search query is transferred to the third party server where it is processed and likely sold to the highest bidder or used to display targeted ads to the user.

Trend Micro suspects a change in criminal behavior. The web browser that was targeted the most in past years was Microsoft's Internet Explorer.

The massive number of Firefox users makes it the second most popular web browser after Internet Explorer, and some spyware developers may have decided that the critical mass is large enough to develop spyware for that web browser as well. (Via Trend Micro, thanks Jojo for the news).

Update: The situation is about to change. Mozilla has announced protections against third party add-on installations in the Firefox browser that can prevent the majority of insertions in the browser.

Firefox users are still asked to only use the official Mozilla Add-on repository for add-on installations.

Red flags should go up if an add-on is only available on third party websites and not the official Mozilla site. Mozilla checks every add-on, and even every new version of that add-on, before it becomes available publicly in the repository.

Update 2: Firefox blocks add-on installations from third-party sites right now but gives users options to override this to install add-ons anyway. The organization announced that it plans to introduce add-on signing requirements in 2015 to deal with the issue once and for all.
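
The red flags described above (an extension carrying a plugin's name, an install source other than the official repository, no valid signature) can be checked against a profile's add-on inventory. The following is an added example, not code from the article or from Mozilla; it assumes the `extensions.json` layout of current Firefox profiles (`addons`, `defaultLocale.name`, `sourceURI`, `signedState`, `location`), and the add-on ids, URLs and plugin-name list are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Plugin product names an extension has little reason to carry
# (illustrative list; only "Flash Player" comes from the article).
PLUGIN_LIKE = ("flash player", "shockwave", "quicktime", "silverlight")
TRUSTED_HOSTS = {"addons.mozilla.org"}

# Constructed sample mirroring the assumed shape of extensions.json.
SAMPLE = json.dumps({"addons": [
    {"id": "placeholder-1@example.invalid", "type": "extension",
     "version": "0.2", "location": "app-profile",
     "defaultLocale": {"name": "Adobe Flash Player"},
     "sourceURI": "http://forum.example.invalid/flash.xpi", "signedState": 0},
    {"id": "placeholder-2@example.invalid", "type": "extension",
     "version": "3.1.4", "location": "app-profile",
     "defaultLocale": {"name": "Tab Organizer"},
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/x.xpi",
     "signedState": 2},
]})


def audit(extensions_json: str) -> dict:
    """Return {add-on id: [reasons]} for extensions showing the red flags."""
    findings = {}
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension":
            continue
        # Assumption: add-ons shipped with the browser use these locations.
        if (addon.get("location") or "").startswith(("app-builtin", "app-system")):
            continue
        reasons = []
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        if any(p in name.lower() for p in PLUGIN_LIKE):
            reasons.append("extension named like a plugin")
        host = urlparse(addon.get("sourceURI") or "").hostname
        if host not in TRUSTED_HOSTS:
            reasons.append(f"installed from {host or 'unknown source'}")
        if (addon.get("signedState") or 0) <= 0:
            reasons.append("not signed")
        if reasons:
            findings[addon.get("id", "<no id>")] = reasons
    return findings


if __name__ == "__main__":
    for addon_id, reasons in audit(SAMPLE).items():
        print(addon_id, "->", "; ".join(reasons))
```

To audit a real profile, pass the contents of its `extensions.json` to `audit()` instead of the constructed sample.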

Comments

  1. Steinsk said on September 2, 2009 at 10:14 am

    And THIS is why Opera is refusing to open up for extension!!

  2. Virtual_ManPL said on September 2, 2009 at 3:45 pm

    @ Steinsk — and Fx too… with 4s delay to install it or cancel… of course if you know what you are installing…
    and firstly Opera didn't have extensions… ;)

  3. Doc said on September 2, 2009 at 6:58 pm

    So who is collecting the search results? Can we trace it back to an author so the authorities can press criminal charges? Will Mozilla blacklist this extension (via checksum) so it CAN’T be installed? What can we do?

    1. Martin said on September 2, 2009 at 7:13 pm

      Probably using a hacked server for that purpose.
