Mozilla runs antivirus and compatibility scans when add-ons are submitted to the official add-on repository by developers.
These add-ons are then offered as experimental add-ons until they pass a human review which adds them fully to the add-on directory.
It came to light today that two add-ons that have been offered on the add-on repository were malicious in nature. They would drop a trojan on systems running Microsoft Windows when installed in Firefox.
The two infected add-ons where found after Mozilla added a new antivirus scan engine to the site, and performed a scan of all available add-ons.
The infected add-ons are: Sothink Web Video Downloader 4.0 and Master Filer which both contained the trojan Win32.Bifrose.32.Bifrose.
Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.
Firefox users who have downloaded and installed the add-ons should uninstall them immediately and perform a thorough scan for malicious software on their computer system. Most modern up to date antivirus software programs, such as Avast or AVG, can detect and remove the trojan from the computer system.
The add-ons were downloaded a total of 4600 times from the Mozilla website and an unknown amount of times from other websites that offered the add-ons.
Mozilla seems to have learned from the malware infection as they have increased the number of different malware scanning engines from one to three and it is very likely that more will be added in the future. The frequency of regular scans was also increased according to Techworld information.
Linux and Mac users are not affected by the trojan even if they have downloaded one or both of the malicious add-ons.
Tip: you can distinguish fully reviewed add-ons from preliminary reviewed ones in the following way: all preliminary reviewed add-ons display the sentence "This add-on has been preliminarily reviewed by Mozilla" underneath the download button.
There is obviously no 100% guarantee that reviewed add-ons won't contain malicious code, but the chance of that happening seems slim considering that manual reviews are thorough and an addition to the automatic scans that sort out the majority of problematic add-ons right away.
Firefox users who want to be on the safe side should go through an extension's source code if it is not reviewed fully yet to make sure it is clean. This is not really practicable though considering that the majority of users won't be able to read code.
There is however no other option apart from avoiding to installing add-ons.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.