Firefox Send: Created for secure file sharing
Mozilla released Firefox Send in March 2019. The service provides features secure hosting and sharing of files for users of Firefox. However, the service is actually accessible to anyone with access to the web portal send.firefox.com.
Firefox Send: Used in ransomware attacks and espionage operations
However, while Mozilla released Firefox Send with that in mind privacy and safety of users, from the end of 2019, the service is widely used by malware community.
In recent months, Firefox Send has been used to store payloads for all types of crimes. businesses in cyberspace, from ransomware as a economic scams, and from bank trojan as a spyware used mainly for espionage human rights defenders.
In an interview, o Colin Hardy, researcher security in the UK, described why criminals choose Firefox Send.
Initially, Hardy said that Firefox URLs are generally considered trustworthy, which means that email spam filters do not detect or configure to block Firefox Send URLs.
Second, the gangs they do not need to spend time and money to create a hosting infrastructure files. They can just use Mozilla's servers.
Third, the Firefox Send encrypts data and so it is difficult to detect malware.
However, the abuse of Firefox Send by criminal groups was noticed by the cyber-security community.
In recent months, security experts have been protesting lack of a "Report Abuse" or "File Report" mechanism, which could be used to remove malware.
Last month, researchers submitted a report of errors to Mozilla, and asked her to add one. system "Abuse Report".
However, Mozilla took it a step further and adopted one preventive approach, suspending the entire Firefox Send service. At the same time, she is working to improve it.
"These reports are worrying on many levels organization "We are taking action to address them," said a Mozilla spokesman.
"We will temporarily disable Firefox Send as we make product improvements. Before it is released again, we will add an abuse reporting mechanism to increase the existing feedback form and require all users, who want to share content using Firefox Send, log in to a Firefox account ”.
"We are closely monitoring these developments and are considering possible next steps," Mozilla added.
There is no timetable for the return of the Firefox Send. Firefox Send Links are now off, which means that any malware-based software has been avoided. service.