Hello, I just want to report two malicious add-ons I found, one is called "Browser plugin", the other "speed updater". They stop updating firefox on version 45.
If needed, I can provide sample files, if you tell me how. (I already manually updated firefox to 48.0.2, and it disabled those two add-ons, which I didn't install best, L.
所有回覆 (6)
Have you got links to where these were found ?
Saying Firefox 48 disabled them sounds good, because it is designed to not use unsigned addons.
Possibly these are not malicious only unsigned. Or did you get some sort of malware alert, if so maybe you can give brief details.
Unfortunately, no. However, I am pretty sure they are malware for several reasons:
- There is no any information about them on add-ons page or on the net
- I did not install them and I am pretty certain about every add-on I installed, I do not have many
- Updates of my firefox were disabled at version 45, which is the last version not using add-ons, probably their action to stop being detected as unsigned malware
由 lovor 於
I suggest you submit the files to virustotal
They will scan the files and generate a report. Probably not much we can do about an addon of unknown origin that is already identified as an unsigned add-on. It would however be interesting to see the links to the reports virustotal generates for the files.
I suppose the only danger is that they are still a threat to corporate users of Firefox ESR, but they by definition have IT departments to supervise Firefox use and likely sophisticated firewalls and AV software.
Ok. Will do and report back the results.
lovor said
- Updates of my firefox were disabled at version 45, which is the last version not using add-ons, probably their action to stop being detected as unsigned malware
You mean unsigned Extensions.
Firefox 46.0 and 47.0 could use unsigned Extensions if you changed the xpinstall.signatures.required to false. However this temporary preference no longer works as of Firefox 48.0
What the general term Addons refers to https://addons.mozilla.org/faq
Yes, you are correct, I meant unsigned add-ons. However, xpinstall.signatures.required was set to false (I changed it now to true), which was obviously action of malware, concurrently with disabling firefox updates.