THE AMERICA ONE NEWS
Aug 8, 2025  |  
0
 | Remer,MN
Sponsor:  QWIKET 
Sponsor:  QWIKET 
Sponsor:  QWIKET: Elevate your fantasy game! Interactive Sports Knowledge.
Sponsor:  QWIKET: Elevate your fantasy game! Interactive Sports Knowledge and Reasoning Support for Fantasy Sports and Betting Enthusiasts.
back  
topic


NextImg:Google Chrome rival issues urgent warning about new threat to your devices — the telltale signs you MUST spot

If you use Firefox browser on your device, you need to be aware of an urgent new warning issued by the developer Mozilla. The non-profit has discovered a serious security threat in the browser extensions feature. Mozilla issued an urgent warning on August 1 about cybercriminals targeting the accounts of add-on developers and users through sophisticated phishing emails.

Mozilla hasn't revealed exactly why criminals are going after the people behind add-ons for its popular web browser, which is used by some 142 million people worldwide, although it's likely that crooks want access to trusted developer accounts to introduce malware, steal customer data, or other nefarious activity to earn some money.

The threat affects the Add-ons Mozilla Organisation platform, known as AMO, which hosts more than 60,000 browser extensions and over 500,000 themes used by millions of Firefox users worldwide.

While it's not as popular as Google Chrome, or Safari — developed by Apple, Mozilla's Firefox is a free web browser that lets people access and browse the web. It describes itself as: "Go online with fewer distractions, noise and stress. Think of us as a breath of fresh air."

store for the mozilla firefox browser

MOZILLA

|

Developers work on extensions and add-ons for the Firefox web browser, which are available to download to unlock extra functionality

Developers who work on add-ons and extensions for Firefox are being targetted with phishing emails, Mozilla has warned.

These fraudulent messages claim your Mozilla Add-ons account needs updating to maintain access to developer features. The attackers are impersonating Mozilla's official communications, attempting to steal login credentials from developers and users of extensions you might use daily.

The common types of fake extensions detected include:

You can spot these phishing attempts through several telltale signs. For instance, the fraudulent emails contain spelling errors, such as "mozila" instead of "mozilla" in the sender's domain name. When you receive suspicious messages, check whether they originate from legitimate Mozilla domains: firefox.com, mozilla.org, mozilla.com, or their subdomains.

So, how do you protect yourself?

Your email provider already does some of the heavy lifting with the use of technical checks. Genuine Mozilla communications pass these email checks put in place, whereas phishing emails fail these security standards:

If the fraudulent email still somehow makes it through these initial checks, avoid clicking any embedded links. Instead, navigate directly to mozilla.org or firefox.com by typing the address into your browser. Only enter your Mozilla credentials on these official websites, never through email links.

mozilla firefox web browser download

MOZILLA

|

Firefox is used by 142 million users worldwide

The phishing campaign has already tricked users. One developer reported falling for the scam before recognising the deception and removing their extension from the platform.

Your browser extensions could become vehicles for malware if attackers gain control of developer accounts. Cybercriminals use these supply chain attacks to inject malicious code into trusted extensions, potentially accessing your banking details, social media accounts, cryptocurrency wallets, passwords, and browsing data.

The scale of this threat extends beyond individual users. With AMO serving tens of millions of Firefox users globally, a single compromised developer account could distribute malware to thousands or millions of unsuspecting people through automatic extension updates.

Mozilla advises developers to consult resources from the US Federal Trade Commission and UK National Cyber Security Centre for comprehensive phishing detection guidance. The organisation's security team, led by Scott DeVaney, emphasises implementing strict verification procedures when handling suspicious communications.

This incident follows other recent discoveries of malicious browser extensions across other platforms. Security researchers fromand Edge add-ons that secretly spy on users while appearing legitimate. These extensions tracked browsing activity and communicated with remote servers, highlighting the broader threat landscape facing browser extension users.

Mozilla launched new security features in late May specifically designed to block malicious Firefox extensions that target cryptocurrency wallets, demonstrating ongoing efforts to combat these evolving threats.