HomesecurityMozilla suspends Firefox Send because it is used by hackers

Mozilla suspends Firefox Send because it is used by hackers

Firefox Send

Mozilla temporarily suspended the Firefox Send file sharing service, as it investigates reports that η service used by malware operators in criminal activities.

Firefox Send: Created for secure file sharing

Mozilla released Firefox Send in March 2019. The service provides features secure hosting and sharing of files for users of Firefox. However, the service is actually accessible to anyone with access to the web portal send.firefox.com.

All files uploaded and notified via Firefox Send are stored in encrypted format and users can set the file storage time to server and the number of downloads before the end of the file.

Firefox Send: Used in ransomware attacks and espionage operations

However, while Mozilla released Firefox Send with that in mind privacy and safety of users, from the end of 2019, the service is widely used by malware community.

In most cases, malware creators upload malware payloads to Firefox Send. It file stored in encrypted form and then hackers share links by integrating them into e-mail they send to their goals.

In recent months, Firefox Send has been used to store payloads for all types of crimes. businesses in cyberspace, from ransomware as a economic scams, and from bank trojan as a spyware used mainly for espionage human rights defenders.

The FIN7, REVil (Sodinokibi), Ursnif (Dreambot) and Zloader are just a few of them gangs who have hosted malicious payloads in Firefox Send.

Mozilla

In an interview, o Colin Hardy, researcher security in the UK, described why criminals choose Firefox Send.

Initially, Hardy said that Firefox URLs are generally considered trustworthy, which means that email spam filters do not detect or configure to block Firefox Send URLs.

Second, the gangs they do not need to spend time and money to create a hosting infrastructure files. They can just use Mozilla's servers.

Third, the Firefox Send encrypts data and so it is difficult to detect malware.

However, the abuse of Firefox Send by criminal groups was noticed by the cyber-security community.

In recent months, security experts have been protesting lack of a "Report Abuse" or "File Report" mechanism, which could be used to remove malware.

Last month, researchers submitted a report of errors to Mozilla, and asked her to add one. system "Abuse Report".

However, Mozilla took it a step further and adopted one preventive approach, suspending the entire Firefox Send service. At the same time, she is working to improve it.

"These reports are worrying on many levels organization "We are taking action to address them," said a Mozilla spokesman.

"We will temporarily disable Firefox Send as we make product improvements. Before it is released again, we will add an abuse reporting mechanism to increase the existing feedback form and require all users, who want to share content using Firefox Send, log in to a Firefox account ”.

"We are closely monitoring these developments and are considering possible next steps," Mozilla added.

There is no timetable for the return of the Firefox Send. Firefox Send Links are now off, which means that any malware-based software has been avoided. service.

Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!
spot_img

LIVE NEWS