Mozilla warns against phishing attacks targeting add-on developers

The phishing campaign warning follows news of Mozilla’s Add-ons Operations team launching a security feature in late May that would help block malicious Firefox extensions that drain cryptocurrency wallets

MANILA, Philippines – Mozilla warned its community of add-on developers on Friday, August 1, that a phishing campaign was ongoing targeting said accounts.

Mozilla warned add-on developers to be cautious and scrutinize emails that appear to be coming from Mozilla or from addons.mozilla.org. The phishing emails would try to state a variation of the message, “Your Mozilla Add-ons account requires an update to continue accessing developer features.” These would then lead developers to click on malicious links in the given email.

Mozilla told developers that, aside from logging into their accounts with their Mozilla username and password on mozilla.org or firefox.com, they should make sure to note the following:

• Do not click any links in the email.
• Verify the email was sent by a Mozilla-owned domain: firefox.com, mozilla.org, mozilla.com, or their subdomains.
• Ensure that the email passes SPF, DKIM, and DMARC checks (consult your email provider and/or email client’s support documentation for details).
• Validate that links in the email point to mozilla.org or firefox.com before opening them; or even better, navigate directly to these domains rather than visiting via a link in an email.

Bleeping Computer, in its report, added that while​ Mozilla has yet to disclose the scale of this phishing campaign, the end goal of the attacks, or whether any developer accounts had already been successfully compromised, at least one developer claimed to have been affected.

The phishing campaign warning follows news of Mozilla’s Add-ons Operations team launching a security feature in late May that would help block malicious Firefox extensions that drain cryptocurrency wallets. – Rappler.com