Another wave of spam add-ons hits Mozilla Firefox AMO - gHacks Tech News

Another wave of spam add-ons hits Mozilla Firefox AMO

When you list available extensions for the Firefox browser based on recency right now on Mozilla AMO, the official Mozilla Add-ons repository store, you will stumble upon a list of extensions that promise free 4K streams of popular movies such as Ready Player One, Black Panther, Avengers Infinity War, or Pacific Rim Uprising.

The Firefox extensions appear to have been uploaded by different accounts that have been created today. The title and description is nearly identical, and the only part that changes is the title of the movie the the extension promises to deliver to the user system for free in 4K.

I downloaded several of the extensions and discovered two puzzling things: extensions use a file name that is entirely different to the extension's title on AMO. The Ready Player One extension's file name was fairway_solitaire_blast-20.0-an+fx.xpi for instance.

mozilla amo spam

When you check the content of the extension file, you will notice that it does nothing right now. The manifest file gives it permission to run on mozilla.org only and the only JavaScript file that it references contains a single line that changes the border style.

I have two potential explanations for that: the spammers use this to test the defenses of AMO, or they plan to release updates for the extensions that include the actual code. Whether that code will then redirect users to a streaming site or attempts to spam or infect devices is unclear at this point in time.

What is clear, however, is that Firefox users will face more of this in the future. Mozilla switched the review process of extensions from manually reviewing all add-ons for Firefox before publication on Mozilla AMO to a semi-automated system recently that accepts any extension that passes automatic security checks.

While add-ons do get reviewed manually by Mozilla employees and volunteers later on, they are listed on AMO in the meantime.

Another batch of spam extensions hit Mozilla AMO in December 2017. The situation was worse in December as spammers uploaded dozens of extensions to AMO so that the first two pages of recent add-ons were filled almost entirely with spam add-ons. The extensions back then promised free TV show streams.

Closing Words

Mozilla faces the same problematic situation that Google faced from the very beginning; automation may have its advantages, namely faster publication of add-ons and that it is cheaper, but that comes at the cost of allowing spam or even malicious extensions into the store for a period.

Now You: What's your take on the development?

Summary
Another wave of spam add-ons hits Mozilla Firefox AMO
Article Name
Another wave of spam add-ons hits Mozilla Firefox AMO
Description
When you list available extensions for the Firefox browser based on recency right now on Mozilla AMO, the official Mozilla Add-ons repository store, you will stumble upon a list of extensions that promise free 4K streams of popular movies such as Ready Player One, Black Panther, Avengers Infinity War, or Pacific Rim Uprising.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. ShintoPlasm said on April 9, 2018 at 10:14 am
    Reply

    Hurray for automated checks, Mozilla!

  2. Pomad said on April 9, 2018 at 11:54 am
    Reply

    This is fine. Spam AI can be fine tuned over time like with email.

    These add-ons are not malicious, either for privacy or security or user experience, they’re just spamming AMO itself.

    1. Pomad said on April 9, 2018 at 12:05 pm
      Reply

      And we probably don’t get to see them as normal users. I couldn’t access the URL that you used easily from the interface, https://addons.mozilla.org/en-US/firefox/search/?sort=updated

      And the extensions are gone now and it’s 12AM here so IIRC 6AM in New York and something something in California. That means your article was reporting spam that occurred during the night or the evening. So one possibility is that the add-ons have actually been caught by the spam filter and were accessible only for a short time.

      It’s also possible that an add-on reviewer removed them after you posted the article though.

      1. Pomad said on April 9, 2018 at 12:10 pm
        Reply

        Ah sorry, they’re not gone. They’re just somewhat down the list now. It appears that the add-on was posted 9 times by 3 different accounts though.

      2. Pomad said on April 9, 2018 at 12:12 pm
        Reply

        4 different accounts. Damnit, sorry for the spam of my own brand, somehow I can’t edit comments at all any more.

  3. Lord Lestat said on April 9, 2018 at 11:55 am
    Reply

    1) Webextensions are more secure they said…
    2) Webextensions are less abusable they said…

    1. Mk9 said on April 9, 2018 at 1:00 pm
      Reply

      It has really NOTHING to do with WebExtensions vs legacy add-ons. Please read the article before trolling.

      1. Lord Lestat said on April 9, 2018 at 1:05 pm
        Reply

        Well, secure and abuse – who said that that has only something to do with how an add-on is created?

        It can also be related to the review process. So before you are accusing others of trolling, think first before you write :)

      2. foolishgrunt said on April 9, 2018 at 5:41 pm
        Reply

        “It can also be related to the review process.”

        Um, no it can’t. This wave of spam has nothing to do with the addons themselves, but with the AMO website hosting them.

      3. lord lestat said on April 9, 2018 at 7:05 pm
        Reply

        Sure it can. The only one who says it can’t is you and others who have not a clue what over the top sarcasm and cynicism is.

        But you know what? Because i am a whole new (friendly) being – i will add a tag around my posts so simple minded people are getting it instantly when i go into ” mode.

        More i can not do for you. Have a nice day :D

      4. lord lestat said on April 9, 2018 at 7:06 pm
        Reply

        And as the VIP content of the post was not displayed…. i would say /fatality sarcasm – /fatality sarcasm is good enough :P

  4. Lord Lestat said on April 9, 2018 at 11:57 am
    Reply

    Wut? Why no ability to change or delete comments? Also sending the first comment i got told i have entered a duplicate comment after pressing one single time on post comment. Which was of course not true at all – especially when you only press one time.

    Looks like the new system here on Ghacks is a bit bug ridden?

    1. Martin Brinkmann said on April 9, 2018 at 12:14 pm
      Reply

      Sorry for that, I removed the Edit comments plugin because it was buggy.

  5. Liam said on April 9, 2018 at 12:22 pm
    Reply

    Ok, didn’t know they changed the review process. While it’s ok for Add-Ons that are already on AMO, i thought that new Add-Ons get reviewed manually to prevent this kind of spam.
    Oh, and i don’t like the development. Mozilla should rethink this review process.

    Thank’s for the explanation.

  6. Lord Lestat said on April 9, 2018 at 12:29 pm
    Reply

    Well, if you try to save money no matter what without willing to put a team behind which checks stuff on their own – Mozilla today is more about quantity than quality.

    From the add-on department towards having only a mainstream non-unique feature set on board.

    Now with all the money they can store, they can fund their usual doomed to fail secondary projects like it happened with so many Mozilla projects of the past already.

    Money spent well!

  7. TelV said on April 9, 2018 at 12:44 pm
    Reply

    Yes, I’ver seen this myself. I’ve also noticed that genuine addons are being disparaged in some user reviews and an alternative malware extension is being recommended instead. You can see this happening in the user reviews for No Coin which blocks miners on sites. They’re all written by “Anonymous user” and they all recommend Coinhive.com: https://addons.mozilla.org/en-US/firefox/addon/no-coin/reviews/

    Coinhive however has been flagged by Bleeping Computer as a favourite among malware developers: https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/

    Why Mozilla doesn’t pick this kind of behaviour up is a mystery especially since they purport to protect users from abuse.

    1. pHROZEN gHOST said on April 9, 2018 at 3:43 pm
      Reply

      “Why Mozilla doesn’t pick this kind of behaviour up is a mystery especially since they purport to protect users from abuse.”

      It’s really quite simple. Mozilla has re-deployed resources, which would normally catch this sort of issue, to more profitable tasks.

      1. Bobby Phoenix said on April 10, 2018 at 2:46 am
        Reply

        Kind of shooting yourself in the foot. You can’t make much profit if you have no users since they left because they got duked into bad extensions, and said forget Firefox. No users = no profit. They better cowboy up, and fix this while it’s still possible.

  8. FormerAddonDev said on April 9, 2018 at 12:44 pm
    Reply

    Being a former add-on developer who suffered by Mozillas/AMOs piece-of-sh!t behavior I can say “Mozilla deserves this”.

    Killing the old add-ons, forcing “legacy” add-on devs to wait weeks or month for their add-ons being reviewed and now allowing every WebExtension being published without checking shows how retarded Mozilla became.

  9. Anonymous said on April 9, 2018 at 3:06 pm
    Reply

    “faster and cheaper” > in politics that’s what in France we call “liberalism”, “neo-capitalism”.. you know the fashionable thinking which steals the poor to give to the rich, which kills people at work, which force people to vote for extremes, with all the severe consequences that we already know… wars.

  10. dog said on April 9, 2018 at 3:07 pm
    Reply

    I have stopped using their website and plugin search in the add-ons view.
    I keep a bookmark of the website for the actual add-on to manually download the .xpi file from.
    That’s how bad I think this have gotten.

  11. Anonymous said on April 9, 2018 at 5:18 pm
    Reply

    I’m addon developer, I also got those fake reviews. Those fake reviews made my extensions’ rating went down and didn’t go back up even if those reviews were reported and deleted.

    I guess Mozilla really do intend to clone the spam reviews part from Google too.

    1. lord lestat said on April 10, 2018 at 12:28 am
      Reply

      /Fatality-Sarcasm-warning

      Mozilla is so caring for the users they want also to offer them the same issues like they are around in the Chrome add-on store. Isn’t it nice that they try to recreate the whole Chrome experience for the users? That way all the Chrome users will switch over in zero time :D

      /Fatality-Sarcasm-warning

  12. Paul T said on April 9, 2018 at 6:29 pm
    Reply

    My guess is they plan to release updates to already-accepted extensions to add malware/spyware components. The screening is likely more arduous for new extensions than updates.

    That’s typically how you get screwed on Google Chrome addons. You install a very popular, well-reviewed, perfectly safe addon to play a kitty-cat video on every browser startup back in 2015. Then in late 2017 a generous eastern European gentleman with a thick slavic accent offers the kitty-cat author thirty thousand dollars to transfer ownership of his addon. He does so, and then the next kitty-cat addon update logs every page you go to and mines Ethereum in the background to boot.

  13. Jozsef said on April 10, 2018 at 3:13 am
    Reply

    I’m sure the Mozilla, or should I say Moz://a, folks thought very carefully about all the recent decisions they’ve made and feel that overall, Firefox is still more secure than anything else and better than it was. This is typical of people who lack the ability to think logically.

    XUL has to go because it’s too powerful and can be a security risk, so Web Extensions will be enhanced for more capabilities, thereby moving them toward what supposedly caused XUL to be abandoned. Well, that makes sense. (!?)

    Now we get this insanity of allowing just about anything into the Addons site to be vetted later but that isn’t expected to upset anyone because it’s such a small thing. Sure, I mean what could possibly go wrong? At least we can say it’s a fine alternative to Chrome. What a sad tale this is.

    1. Lord Lestat said on April 10, 2018 at 10:17 am
      Reply

      Xul had to go because Mozilla wants the Chrome users – Chrome users would never use a product which is bloated with customization options like Firefox had them.

      The question is… now where Firefox is becoming more and more like Chrome… Where are those users?

      1. ToSlaveLestat said on April 10, 2018 at 12:35 pm
        Reply

        >Chrome users would never use a product which is bloated with customization options like Firefox had them

        Out-of-the-box, Firefox now offers more “customization options” than pre-Quantum, so your criticism doesn’t even make any sense. Which is so very typical for you, Lestat.

      2. Lord Lestat said on April 11, 2018 at 12:02 pm
        Reply

        No it does not. There is almost no UI customization around anymore. And CSS customization has been available also before, so your stupidity doesn’t even make any sense. Which is so very typical for you, wwwcom in disguise.

        Just wondering, you have a nick like Newbie with a number at the end too? :P

      3. Lord Lestat said on April 11, 2018 at 12:05 pm
        Reply

        Or Appster in disguise? With you lame Mozilla Chrome trolls you never know how much alternative handles you have around.

        Firefox 20-28 are the most feature rich Firefox versions. All other one’s are crippled and optimized for you Chrome feature set purists. If you want to get laid by Google, you know where you can find them :)

      4. Lord Lestat said on April 11, 2018 at 12:19 pm
        Reply

        Before i forget… Quantum is really worse than Australis – You can not even customize the menu that much anymore like it was possible with Australis. If you already have forgotten Mr. Know-nothing-yet-speaking-out-loud.

        And not speaking about the pathetic theme options and simplistic add-ons which are around by now.

        Btw. i would not be wondering at all if the term “notfunny” rings also a personal bell on your end of the world, Also either Germany or USA, all of that not at all related to this topic here of course, but i am sure you know what i mean :P

      5. Vakarian said on April 13, 2018 at 2:54 pm
        Reply

        As former Firefox user it is really sad to see the amount of options hating Trolls, which are now using the browser.

        Good that i switched over a rather long time ago to Chromium. Inside the Chromium community more sane and great people are around which actually make sense and are reasonable if you compare both browsers users. The Firefox user community degraded over time in a rapid way, great dedicated users and developers left, and got replaced… with what we can see today. Granted, not all who are left are bad, but a rather big part of them.

        In the past, when Mozilla still was making reasonable decisions, the users (and responsible developers) have been in general more intelligent – but when a browser developer goes downhill and makes questionable decisions and goes the political influenced way and is heavily humiliating a rather big amount of users or developers because of that reason, you know it is time to uninstall.

    2. TryReading said on April 10, 2018 at 12:29 pm
      Reply

      >This is typical of people who lack the ability to think logically.
      And the way you write is very typical of the Dunning–Kruger effect.

      >XUL has to go because it’s too powerful and can be a security risk, so Web Extensions will be enhanced for more capabilities, thereby moving them toward what supposedly caused XUL to be abandoned. Well, that makes sense. (!?)

      Legacy extensions had limitless capabilities. Webextensions will get more capabilities but will never be limitless – instead being limited by high level APIs. Isn’t it amazing how it actually makes sense if only you read about it before expressing your uninformed opinions online?

  14. John Doe 101 said on April 10, 2018 at 6:15 pm
    Reply

    Therefore anyone likes to change new FF Ui Colors, i found an Addon, which can do that, called NATIVE DARK.
    Let’s you decide which color you want to use In FF. Do NOT know, why Mozillians not implemented that.Available on the official AMO website.

  15. frs said on April 22, 2018 at 2:43 pm
    Reply

    is it just me or firefox amo is again unavailable? iam unable to update my addons & if i go to the amo, i get the error “this addon cannot be downladed bcoz of a connection feature” …??

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.