Mozilla's AMO Extensions store has a spam infestation problem
If you visit the official Mozilla AMO -- Addons Mozilla Org -- site right now you may notice an increase in extensions that are pure spam.
Spammers are currently abusing the site by flooding it with extension listings designed to get users to click on links in the description.
The method that these spammers use is simple: they have copied the Chrome extension Hide My IP and use it as the extension that they upload. They then add a descriptive title, e.g. Movie or TV Show Watch Online, and add links that point to public sites where these movies or shows can allegedly be streamed (the ones I tried led to various domains including Blogspot or Cbldc).
You may be asked to fill out surveys or perform other actions when you interact with these sites.
You see most of these spam extensions when you sort the extensions by newest on AMO. 47 of the 60 add-ons on the first two pages are spam add-ons right now; only 13 are legitimate extensions for Firefox.
Follow this link to AMO to get the listing. All extensions that I looked at use the same Chrome extension, Hide My IP, and don't even hide the fact in the Manifest file. A quick glance over the file and other files indicates that the extension itself is identical.
I did not install the extension as it may have been manipulated before it was uploaded. Below is a screenshot of a listing that allegedly links to a stream for the Last Jedi movie.
How can this happen? Probably the main reason why you see an increase in spam extensions right now comes from the fact that extensions are not audited manually anymore before they are made available on AMO.
Mozilla changed the process recently to decrease the time between uploading extensions to Mozilla AMO and them becoming available on the site.
Safeguards are in place that prioritize extensions that are uploaded, but the fact remains that extensions are made available on AMO for a period of time before they are checked by a human.
Mozilla has a couple of options to deal with the issue. One that comes to mind is to put all extensions with links on a human checklist, so that these are not automatically added to Mozilla AMO.
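A sketch of the checklist idea, as an added example that is not Mozilla's review code: it holds a listing for human review when the description contains a link, when the same package is uploaded under several different titles, or when the listing title does not match the name in the manifest. The record fields (`id`, `title`, `manifest_name`, `description`, `package`) and the sample listings are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def package_digest(package_bytes):
    """SHA-256 of the uploaded package, used to spot byte-identical re-uploads."""
    return hashlib.sha256(package_bytes).hexdigest()


def normalize(text):
    """Lower-case and collapse punctuation so titles compare loosely."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def triage(listings):
    """Return {listing id: [reasons]} for listings to hold for a human reviewer."""
    by_digest = defaultdict(list)
    for item in listings:
        by_digest[package_digest(item["package"])].append(item)

    held = {}
    for item in listings:
        reasons = []
        # Rule 1 (the checklist proposed above): any link in the description.
        if URL_RE.search(item["description"]):
            reasons.append("description-contains-link")
        # Rule 2: one package, many titles (the pattern described in the article).
        clones = by_digest[package_digest(item["package"])]
        if len({normalize(c["title"]) for c in clones}) > 1:
            reasons.append("same-package-under-different-titles")
        # Rule 3 (heuristic): the manifest still names a different extension.
        if normalize(item["manifest_name"]) not in normalize(item["title"]):
            reasons.append("title-does-not-match-manifest-name")
        if reasons:
            held[item["id"]] = reasons
    return held


# Constructed sample data: two uploads of one package under different titles,
# one unrelated add-on, and one legitimate add-on that links to its source.
CLONE = b"constructed stand-in for the copied package"
SAMPLE_LISTINGS = [
    {"id": 1, "title": "Movie Watch Online", "manifest_name": "Hide My IP",
     "description": "Watch here: https://example.invalid/stream", "package": CLONE},
    {"id": 2, "title": "TV Show Watch Online", "manifest_name": "Hide My IP",
     "description": "Stream: http://example.invalid/show", "package": CLONE},
    {"id": 3, "title": "Tab Sorter", "manifest_name": "Tab Sorter",
     "description": "Sorts open tabs by domain.", "package": b"constructed pkg A"},
    {"id": 4, "title": "Night Mode Toggle", "manifest_name": "Night Mode Toggle",
     "description": "Source: https://example.invalid/repo", "package": b"constructed pkg B"},
]

if __name__ == "__main__":
    for listing_id, reasons in triage(SAMPLE_LISTINGS).items():
        print(listing_id, reasons)
```

Listing 4 shows the cost of the link rule on its own: a legitimate add-on that links to its source is queued as well, which is why the other two signals help a reviewer prioritize.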
This is not the first time that problematic extensions landed on AMO after Mozilla switched to an automatic review process. Earlier this year, extensions landed on AMO that would abuse user hardware to mine for digital currency. Mozilla reacted quickly, but the fact remained that users who downloaded these extensions were affected negatively by them.
Now You: What's your take on the issue?
Need some additional information.
I followed the link in the article to the referenced Firefox addons “search results” page and saw nothing like as shown in the image shown in the article. All extensions listed are legitimate extensions and nothing like the list shown in the image.
Also, you can’t sort by “Newest”. It’s not an option under “Sort by”. The options you do have in the drop down list are:
Relevance
Recently Updated
Most Users
Top Rated
Trending
Another point. Why is the left hand pane in the article image shown blank when it actually contains the Filter drop down menus? Also, why is the page header not shown as well? It contains the search box itself which would show the search term(s) the author actually used to produce the search results list shown in the image?
Either way, I can’t produce the same results as the author.
Mozilla may have removed those, but the underlying issue probably persists. Recently Updated includes new add-ons, that’s the only option to list new add-ons on the store.
The pane is blank, because the screenshot shows results from mid-page, not top. There was no search listing, just the list of recently updated extensions.
Martin - Yup, I figured out why the left hand pane was blank right after it was too late to change the comment. Mind like a steel trap, that’s me (I’m beginning to seriously dislike getting old).
And you’re correct of course, the underlying issue remains but that’s like saying that Microsoft may be issuing updates for zero day exploits to Windows a lot more often now but Windows will always be vulnerable. It’s not an excuse of course, but these kind of vulnerabilities will always exist. Especially if it’s on-line.
That’s why it’s a good thing that people like us look for and report these things, yes?
Kirk, the thing is, these things did not happen when all extensions were reviewed before they were published online on AMO. I understand Mozilla’s reason for switching to an automated system, but there are disadvantages to that (see Google Play, see Chrome Web Store). Bad things will slip by these automated systems.
Happens if you exchange quality for quantity.
Happens if you exchange unique stuff against stock ware.
Happens if you sell-out instead of stay unique.
Happens as long as Mozilla believes that a flavor of Chrome is more attractive than keeping the flavor of being Firefox.
AMO’s a mess right now. I can do a good job of picking legitimate add ons from junk but it takes a long time, almost as long as finding something that’s not an ad server in the google store (maybe not that long.) Too bad some of the ancient but great add ons weren’t updated for the latest ff versions but I get why.
Maybe everyone could help by spending a few minutes marking these rogue extensions as bad. There’s a “Report this add-on for abuse” link on each page.
Sorry, but as a one is using NoScript10.x i would say the new addons-api is spam, too.
As a web extension developer the old review process was painful due to the lack of human resources. Earlier this year it took an update to one of my extensions 6 weeks to receive its approval!
One more example of the profound stupidity permeating Mozilla’s AMO site. Here is the search result for a specific extension, New Tab Override by Sören Hentzschel :
https://addons.mozilla.org/en-GB/firefox/search/?q=new+tab+override
The first result on the list is displayed as “New Tab Override (Web Extension)”. OK. So we know that New Tab Override is a Web Extension. This is a good thing, as far as user interaction is concerned.
Then we have a look below, and none of the other extensions are marked as “(Web Extension)”. So, obviously, we draw the conclusion that none of them is compatible with Firefox 57+. We also incidentally conclude that the whole transition is a disaster, because almost all extensions are incompatible.
Guess what ? This is wrong. Down on the list, there is Tree Style Tab, by Piro. This happens to have been ported to the Web Extension system. I happen to know it, because I’ve done a lot of research before (and I’ve installed it on Firefox 57).
However, the title suggests otherwise, because the user interface and general guidelines are lax and stupid enough that Sören Hentzschel can get to promote his own extension by signalling right in the title that it’s compatible, whereas Piro wasn’t smart enough to do that (like many others, presumably).
Even when we do open the page of Tree Style Tab, it still does not say anywhere that this is a Web Extension. You need to suppose it might be one nevertheless, and start hunting (this means you’re already aware that there is a Web Extension compatibility problem, which is by no means a given).
So let’s say we click on the “Home Page” link. This brings us here :
http://piro.sakura.ne.jp/xul/_treestyletab.html.en
The first thing one sees on the page are the words “XUL Apps”. The words “Web Extension” are nowhere to be seen. So we conclude wrongly, once more, that this is not compatible with Firefox 57+.
Suppose that instead of “Home Page”, we click on “Support Site”. Then we get here :
https://github.com/piroor/treestyletab/issues
Again, no help in sight. This is a forum with a list of issues.
We need to click on the link “treestyletab”, on top of the latter page, to reach this page :
https://github.com/piroor/treestyletab
Then, we need to scroll down the page to, finally, learn this :
“TST has two main version lines: “renewed” (WebExtensions-based) and “legacy” (XUL-based), and one more extra line: “migration”.”
This information should have been mandated by Mozilla AMO site, right from the first search results page, and of course on each extension’s homepage at Mozilla’s, in a very visible spot. Instead, it’s so deeply hidden as to be practically out of sight, except for the geekiest of users with a lot of time on their hands. Which, incidentally, is a population Mozilla seems to be shunning, in favor of a more mass-market audience.
How terminally stupid is that ? Regardless of the opportunity of the new extension system, if you decide to embark on such a major change, the first thing you do is educate your users about it. You saturate the Web with information on the compatibility status of extensions. You write “Web Extension” all over the place, so the users can learn it’s a Very Important Thing and the Best Thing Since Baked Bread and something they absolutely need to be compatible with, if they still want to attract the attention of girls, be in the move and not get cancer.
Or, you decide to do it sneakily because you got a lot of opposition, you fear the transition, and you think it’s better to bury your head in the sand (and thoroughly confuse your users).
“(this means you’re already aware that there is a Web Extension compatibility problem, which is by no means a given).”
Someone who uses Firefox 57 and up doesn’t need to be aware of WebExtension compatibility. He can only install WebExtensions.
Same for Firefox 56 and below, they can only install whatever the add-on author said his thing was compatible with in the manifest file (user doesn’t need to know, if it’s not compatible he can’t install)
True and most users couldn’t be bothered with how firefox works, in fact most users use chrome, mostly because it has a tendency to just appear and it’s supplied with lots of devices. The beauty of firefox is customization; there is still a huge base of users who change lots of config settings and use add ons who want some idea of how things work.
@ Anonymous
I’ve said it before and I’ll say it again : you have perfectly explained the worldview that the higher-ups know best what’s good for the great unwashed masses, and how do the users dare ask questions ? You don’t need to know, Mister Joe Sixpack. Just shut up and do as you are told.
The arrogance is breathtaking. I have just explained, in great detail, why I (and millions of others) needed to know. And you have the gall to tell me : you don’t need to know ?
What happened with the concept of empowering users, of learning how computers work, of open source software itself ? And you have the nerve to tell me I don’t need what I need, on an advanced technical blog whose aim is precisely to help users understand how their computers work, and make them work better ?
“Someone who uses Firefox 57 and up doesn’t need to be aware of WebExtension compatibility.”
Obviously, Martin Brinkmann has been writing hundreds of pages for months about Web Extensions, because people do not need to be aware of Web Extensions. And those posts have been avidly commented by hundreds of people, because they could not care less about Web Extensions.
What you are telling people is : if it does not work, then you’re out of luck. Don’t try to understand why it does not work. Don’t try to make it work. Don’t, especially, try to understand the issues beforehand, so you can setup your computer in a way that it won’t hit an incompatibility wall, come Web Extensions or whatever else. Just wait passively for Mozilla, Google, Microsoft, Firefox and others to feed you with whatever they will see fit. Don’t move, don’t complain and don’t forget to say thank you.
I just hope you’re not a developer, because if you are you’re in the wrong trade. Maybe the police would suit you better. Personal computing started as a way to hand back power to the users. It seems we’ve come full circle, and some practitioners, or even users, are now openly calling for a system of soft fascism : the less you know, the less leeway you have, the better.
Happy Holidays, Clairvaux. I admire your posts, and nearly always agree with your assessment. It’s like, “Clairvaux already covered it” so I refrain from posting b/c my comment would just be redundant. This time, I’m choosing to at least post a thankful acknowledgement.
Why, thank you for your kind appreciations, ams and Jason, and happy Christmas to you both. Of course, I don’t “cover” most of the issues at stake, far from it. I just share my opinion and the information I may happen to have on a few subjects that I feel could interest others. And I in turn rely heavily on many Ghacks contributors far more knowledgeable than myself.
@ams: I would like to second your thankful acknowledgment! This is the second post from Clairvaux I read tonight that expresses my feelings in more precise (and colourful!) language than I can muster.
You are using Firefox by Mozilla ©
You are using a Microsoft © OS
You obviously do not care about privacy, so adware addons are free for you to install.
DooD, Firefox runs on Linux … in case you didn’t know.
Short and to the point. :))
It shows the increase of sick minds. Mozilla should be able to handle the situation properly, if they really want to.
Mozilla shut down Firefox when they quit XUL. Are developers stupid or what? Without choice of customisation Firefox is no more Firefox. Now we have Chromefox.
Mozilla mastermind who decided to follow this way is a disgrace. After Firefox 52 ESR is done, I shall give up Firefox after 13 years because I can’t stand a browser which is not customisable.
But with all the free spam we can feed the hungry right? /sarc
You are still in the Grieving stage. You have to pass through the Anger stage, Planning stage and then Action stage it would be nice if there was a shortcut, but unless you mentally train your mind (and I don’t, I never freaking do.. lol) you probably won’t just jump through straight from Mozilla hit to Mozilla retaliation like a ping pong ball bounce.
Mozilla has this way about it in recent versions, where everything all breaks at one time. So good luck troubleshooting skills if you haven’t been chopping and hacking away and improving your client since Netscape 3.04g
KEEP WHAT WAS WORKING FOR YOU. with palemoon and basilisk ( I don’t have Firefox installed and I am on Linux Mint) and nginx and some disk space I place all my addons (hacked, and specific versions to run certain browsers like on Palemoon you can edit the GUID numbers, versions, ports, on and on) all into my addons, extensions, xpi’s, .css ‘s and .js’s repository. It lightens up my loading of everyones websites. So it’s a mix of everything I use all my githubs, all my themes all into the one directory on nginx. with a little index.php to list the files like an FTP site. Turn off all that extension can’t be installed nonsense and add a Startup page pointing to a local search.htm you can be ripping the web up without wasting all dang day with this nonsense.
you can do a lot with your instant mozilla repository – fast too. backing up proxy lists, null file imports all kinds of tricks you can save time tweaking to bailout (if need be) and get settings from one browser to another
dump failfox latest version, nobody will hate ya. Their stats will drop, it’ll send a message. In the end if people can’t get their work done they will choose something else, they can deny it but facts will run them through and be done with their fake history.
Regardless
Is there any chance Mozilla is getting kickbacks from someone to allow this to happen?
Good extensions have gone bad. So why not the browser?
Mozilla did report that profits were up.
This crap started a few days ago with the huge number of “PDF” addons…
But at least they’re signed!
It’s just become a poor chrome clone with all the downsides. If Google still can’t auto audit properly how do Mozilla think they’ll do any better.
Firefox Quantum Isn’t Just “Copying” Chrome: It’s Much More Powerful
https://www.howtogeek.com/334111/firefox-quantum-isnt-just-copying-chrome/
What is the nefarious action of those fraudulent extensions ?
I think it would go some way towards resolving the problem if Mozilla banned the use of “Anonymous user” as an uploader. That appears below all the movie links I notice. The AMO site would need to be configured to recognize that using a random alpha-numeric combination after the name doesn’t constitute a different user. It shouldn’t be too difficult I would have thought to filter all uploads with that uploader name so that they don’t appear anymore.
So now we know why Mozilla thinks that XUL addons are getting replacements quickly with so many thousands of new webextensions.
Hola VPN Proxy is another example of fake addon (/firefox/addon/hola-vpn-proxy/)
it looks like the real one until you start using it
AMO cloning the Chrome Store malware, nothing surprising. Mozilla’s developers always thinking to add telemetry for anything should add one to know how many users install spam/infested WebExtensions.
I previously looked at AMO almost daily to see what was new. Now, due to the spam and questionable extensions, I don’t even bother looking.
It was kinda fun seeing what was new, but now that I stopped looking, the plus side is that I have an extra 10-15 minutes every day to do something else. :)
Wow, that comes unexpected… NOT. Mozilla has crippled extensions so much that they don’t think a review process is necessary anymore, and thus ended up with loads of crap. Serves them right.
Happily using Waterfox over here.
They still review add-ons, and let developers post them before hand. That’s how spam can exist, and that’s how spam filters can exist. In my mail box all spam is directed to the spam folder, which proves it can be detected, which proves the open approach isn’t wrong.
I agree with that approach but they need to add a way so that people who want to can be sure they only receive reviewed ones.
There *is* a fine middle ground: One where 75% of all add-ons are reviewed within 5 days, 5% within 5 to 10 days. That’s what happens at the moment.
Developers prefer it that way and Firefox needs it right now so that the surge of new add-ons and new APIs can replace legacy and get refined quickly.
I would prefer that there be an indication that an add-on has been reviewed though, and an equivalent protection for add-on updates. THIS would be my ideal solution accounting for all issues on all sides.
Sorry, but this is not a “reviewing process” in my book. When an extension is under review it shouldn’t appear on AMO, at all. Vast damage could be done before Mozilla could even react. If you ask me, there are only two approaches:
1) The “Apple” way of doing it: Review the extension and don’t let it appear on AMO until the review is finished.
2) Don’t review at all.
In this case, there is no middle ground. The way Mozilla handles it is plain stupid.
I consider all the millions of New Tab theme extensions spam, there are soooooooo many to have to look through when for example looking at recently created extensions lists etc.
And yeah I agree Martin at the very least they should pull all listings that have https://t.co/ in their descriptions and just delete them not even bother to review them.
It’s good for Mozilla’s stats, because the spam addons increase the amount of addons so Mozilla can use the stats to praise and advertise WebExtensions.
Shame that Firefox has followed Chrome footstep. First they adopted W.E from Chrome, which killed the only positive reason for anyone to switch to Firefox. Then they adopted no review policy which unexpectedly produce crap in their store and leave their users in more security breaches. I don’t see any good reason for anyone to switch to Firefox if it’s not any better than Chrome.
The difference between Firefox and Chrome? No Google spying. Some extensions still work marginally better on Firefox though, like uBlock. There’s also all the web dev stuff for Firefox, Chrome doesn’t give you as much access.
Mozilla Firefox’s extension store is infested with spam? Geeze, Firefox really *is* becoming more like Google Chrome…
My take on the issue is that Firefox is dead. I still use SeaMonkey ®
FireFox is still alive and kicking and is the best browser out there but I’m on the old one with the gacks-prefs here on Xp and no Chrome for me here. Always problems with Google in connection with privacy and it is normal to have a total newly wed browser like Quantum and that it is not ready practical with all the new web-extensions and what not & take a look at W10. W10 is out for years and it is not finished by a long shot and have problems…
https://www.howtogeek.com/334111/firefox-quantum-isnt-just-copying-chrome/
https://www.dedoimedo.com/computers/windows-10-creators-update-fall.html
So please be patient and let see first what they can do about…
Kevin z. from Belgium
Yesterday it rained and I forgot to shut my windows. There were some water on the floor man. My take on the issue is that Firefox is dead. Now I use SeaMonkey, that helps with my floor troubles.