Security researchers over at Trend Micro have discovered spyware that installs itself as an add-on in the popular web browser Firefox.
The add-on, which is then listed in the Firefox add-on manager, goes by the name Adobe Flash Player 0.2. Its description links it to Adobe Flash Player 10, which makes it look legitimate at first glance.
Only the low version number and the fact that it is listed under extensions and not plugins may raise suspicion among Firefox users who pay attention.
The majority of users, on the other hand, may not pay attention to the version number at all, assuming that this is just part of Adobe Flash Player now.
The spyware add-on itself is distributed through forums and websites but not the main Firefox add-on repository. Users are once again reminded to only install add-ons from trustworthy sources.
The spyware add-on injects ads into Google search results pages. More disturbing than that is the fact that the Google search history gets transferred to a third party website that is (most likely) run by the developers of the spyware add-on. This means that every Google search query is transferred to the third party server where it is processed and likely sold to the highest bidder or used to display targeted ads to the user.
Trend Micro suspects a change in criminal behavior. The web browser that was targeted the most in past years was Microsoft's Internet Explorer.
The massive number of Firefox users makes it the second most popular web browser after Internet Explorer, and some spyware developers may have decided that the critical mass is large enough to develop spyware for that web browser as well. (Via Trend Micro, thanks Jojo for the news).
Update: The situation is about to change. Mozilla has announced protections against third party add-on installations in the Firefox browser that can prevent the majority of insertions in the browser.
Firefox users are still asked to only use the official Mozilla Add-on repository for add-on installations.
Red flags should go up if an add-on is only available on third party websites and not the official Mozilla site. Mozilla checks every add-on, and even every new version of that add-on, before it becomes available publicly in the repository.
Update 2: Firefox blocks add-on installations from third-party sites right now but gives users options to override this to install add-ons anyway. The organization announced that it plans to introduce add-on signing requirements in 2015 to deal with the issue once and for all.
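The two warning signs described above (a plugin name showing up under extensions, and an add-on that did not come from the official Mozilla repository) can be checked automatically. The following is an added example, not code from Trend Micro or Mozilla: the field names are assumed to follow the `extensions.json` inventory in current Firefox profiles, the list of plugin names is a hypothetical heuristic, and the sample inventory is constructed.

```python
import json
from urllib.parse import urlparse

# Product names that normally appear under Plugins, not Extensions (assumed list).
PLUGIN_NAMES = ("adobe flash player", "shockwave flash", "silverlight", "quicktime")
OFFICIAL_HOSTS = {"addons.mozilla.org"}

# Constructed sample, shaped like the "addons" array of a profile's extensions.json.
SAMPLE = json.dumps({"addons": [
    {"id": "flash@example.invalid", "type": "extension", "version": "0.2",
     "defaultLocale": {"name": "Adobe Flash Player"},
     "sourceURI": "http://forum.example.invalid/flash.xpi"},
    {"id": "blocker@example.invalid", "type": "extension", "version": "3.1",
     "defaultLocale": {"name": "Some Ad Blocker"},
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/b.xpi"},
    {"id": "helper@example.invalid", "type": "extension", "version": "1.0",
     "defaultLocale": {"name": "Search Helper"},
     "sourceURI": "https://addons.mozilla.org.example.invalid/helper.xpi"},
]})

def audit_addons(inventory_json):
    """Return {addon id: [reasons]} for extensions that raise either red flag."""
    findings = {}
    for addon in json.loads(inventory_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries etc. are out of scope here
        reasons = []
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        if any(plugin in name.lower() for plugin in PLUGIN_NAMES):
            reasons.append("plugin name listed as an extension")
        # Exact host match over HTTPS, so look-alike hosts and missing
        # source URLs (side-loaded files) both count as off-repository.
        source = urlparse(addon.get("sourceURI") or "")
        if source.scheme != "https" or source.hostname not in OFFICIAL_HOSTS:
            reasons.append("not from the official repository")
        if reasons:
            findings[addon.get("id")] = reasons
    return findings

if __name__ == "__main__":
    for addon_id, reasons in audit_addons(SAMPLE).items():
        print(addon_id, "->", "; ".join(reasons))
```
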
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.