The Invisible Firefox Extensions
December 3rd, 2009
The Mozilla Firefox browser is constantly gaining in popularity. A recent market share survey by Net Applications awards Firefox with 24% of users worldwide. One of the key philosophies of Firefox is that its functionality can easily be extended using plug-ins or extensions. According to the Mozilla foundation there are more than 12,000 extensions available and they have recorded more than 1 billion extension downloads so far. Quite an irresistible target for a malware author, don’t you think?
This is by no means a new phenomenon, nor a Firefox-centric one. Browser helper objects (BHOs) in Microsoft’s Internet Explorer have been misused by attackers for years, and we saw malicious Firefox extensions appear more than three years ago. But, we have recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts—all this in order to maximize their impact on a user’s machine. Trojan.Ransompage is a good example of such a threat targeting three browsers at once.
Even though it is often the case that people get tricked into installing malicious extensions unsolicited, most of the time we see that malicious extensions are dropped by local malware. This is not the fault of the browser per se, it' s just that the malware authors are misusing all of the provided features and a browser is present on nearly every system nowadays. Furthermore, all of the interesting information (such as credit card numbers or passwords) is usually entered through the browser, so it’s a perfect playing field for attackers.
Continues at Symantec Security Blog