Malicious FireFox extension seeks to steal private data

By Justin Mann on July 26, 2006, 5:36 PM
FireFox users beware, a rogue extension dubbed “FormSpy” is out to steal private information. Disguising itself as the very legitimate NumberLinks extension, the malware will actively look for passwords and private information like credit card numbers, as well as monitoring things like FTP and email traffic for private data. Primarily, a user gets infected by this extension through a piece of 3rd party software called Downloader-AXM. While that particular piece of software only affects Windows users, the fact that malicious extensions exist goes to show that ultimately, no matter how much security a system has, the user still has to make up their mind as to what they allow on their machines. You can read McAfee's security response here.




User Comments: 4

Got something to say? Post a comment
DragonMaster said:
Hopefully, NumberLinks doesn't look as something that is used by a lot of people. (Doesn't seem very useful)Just hoping Mozilla will do something about this -> Make extensions harder to install. They should include this before FFX2 is released.
ThomasNews said:
Making extensions harder to install for the End User isn't really the solution. The user needs to be more aware of what they are installing & not just blindly clicking Yes to prompts. The only thing I could imagine they would/could do is to valid an extension has been downloaded from Mozilla's secure extension sites/or some Extension whitelist.
spike said:
I suppose there could be some kind of encrypted signing system, where extentions have to be approved and signed by the Moz/FF community, and firefox will only accept extentions with that signing. It's not the best solution ideologically perhaps, but it works (for now, until the signing were to get cracked).
DragonMaster said:
The only thing is that an automated script can easily install a new extension just by copying files in the Mozilla folder w/o anyone noticing.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.