Friday, January 15, 19:37
Home security Mozilla suspends Firefox Send because it is used by hackers

Mozilla suspends Firefox Send because it is used by hackers

Firefox Send

Mozilla temporarily suspended the Firefox Send file sharing service, as it investigates reports that η service used by malware operators in criminal activities.

Firefox Send: Created for secure file sharing

Mozilla released Firefox Send in March 2019. The service provides features secure hosting and sharing of files for users of Firefox. However, the service is actually accessible to anyone with access to the web portal send.firefox.com.

All files uploaded and notified via Firefox Send are stored in encrypted format and users can set the file storage time to server and the number of downloads before the end of the file.

Firefox Send: Used in ransomware attacks and espionage operations

However, while Mozilla released Firefox Send with that in mind privacy and safety of users, from the end of 2019, the service is widely used by malware community.

In most cases, malware creators upload malware payloads to Firefox Send. It file stored in encrypted form and then hackers share links by integrating them into e-mail they send to their goals.

In recent months, Firefox Send has been used to store payloads for all types of crimes. businesses in cyberspace, from ransomware as a economic scams, and from bank trojan as a spyware used mainly for espionage human rights defenders.

The FIN7, REVil (Sodinokibi), Ursnif (Dreambot) and Zloader are just a few of them gangs who have hosted malicious payloads in Firefox Send.

Mozilla

In an interview, o Colin Hardy, researcher security in the UK, described why criminals choose Firefox Send.

Initially, Hardy said that Firefox URLs are generally considered trustworthy, which means that email spam filters do not detect or configure to block Firefox Send URLs.

Second, the gangs they do not need to spend time and money to create a hosting infrastructure files. They can just use Mozilla's servers.

Third, the Firefox Send encrypts data and so it is difficult to detect malware.

However, the abuse of Firefox Send by criminal groups was noticed by the cyber-security community.

In recent months, security experts have been protesting lack of a "Report Abuse" or "File Report" mechanism, which could be used to remove malware.

Last month, researchers submitted a report of errors to Mozilla, and asked her to add one. system "Abuse Report".

However, Mozilla took it a step further and adopted one preventive approach, suspending the entire Firefox Send service. At the same time, she is working to improve it.

"These reports are worrying on many levels organization "We are taking action to address them," said a Mozilla spokesman.

"We will temporarily disable Firefox Send as we make product improvements. Before it is released again, we will add an abuse reporting mechanism to increase the existing feedback form and require all users, who want to share content using Firefox Send, log in to a Firefox account ”.

"We are closely monitoring these developments and are considering possible next steps," Mozilla added.

There is no timetable for the return of the Firefox Send. Firefox Send Links are now off, which means that any malware-based software has been avoided. service.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...