Weird malware affecting FF on Linux
Hi
My GF just rung up, she is running FF 128.0 (64-bit) from Ubuntu snap on Ubuntu Linux 22.04.4 LTS (which I set up for her and use myself)
She complained that whenever she starts up FF she gets a display about "MS Windows Defender" and ringing some allegedly Microsoft number together with a recorded message over and over.
I logged into her machine remotely using the SSH connection I've set up (Fiewalled so only I can do it), killed FF and she tried it again with the same result.
I told her go go onto Chrome for now, which she did without incident. On no account should she ring the number, which is obviously that of a scammer, although they would be confused by a Linux system.
In the meantime I had a look round the files on her machine. I couldn't find anything in particular, but I wasn't very sure where to look.
I tried deleting the contents of .cache/mozilla/firefox/0e35ujgr.default/startupCache and that enabled her to use FF again but I notice it got repopulated, seemingly with stuff relevant to Windows - however I see that exists on my system.
She almost exclusively uses Facebook on the system, I wonder if it is malware from a FB ad?
Has anyone got any idea about what this malware is, where it came from and what files I should remove from her system if it happens again.