Mozilla reports it has identified and disabled two malicious Firefox add-ons installed on roughly 455,000 browsers.
The software modules, named Bypass and Bypass XM, first caught the eye of researchers in early June after abusing the proxy API to block Firefox updates.
According to Bleeping Computer, the two browser extensions were likely using a reverse proxy to bypass paywalled sites. However, Mozilla has said they were also intercepting and redirecting web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists — incriminating behavior that violates the company’s rules for add-ons.
Apart from blocking the extensions, Mozilla temporarily paused approval for new add-ons using the proxy API and has urged users to make sure their Firefox version is up to date.
Firefox is currently the fourth most-used browser in the world, after Chrome, Safari and Edge, and users often see it as a fast and generally safe open-source solution. However, this also makes it a favorite among cyber attackers.
Back in 2020, Mozilla took mass action, banning nearly 200 shady Firefox add-ons that were caught executing malicious code or stealing user data. Many of them disguised themselves in sheep’s clothing, pretending to be benign utilities like FromDocToPDF, EasyZipTab or Fake YouTube Downloader.
Additionally, in February 2021, researchers discovered a malicious Firefox Gmail add-on, called FriarFox, that was targeting Tibetan organizations and illegally accessing their Gmail accounts and browsers.