Hello, The attached zip contains a sample of a malicious addon. It hijacks a victim's Facebook account and sends spam to their friends. Thanks! Facebook Security MD5: dbd5241a393ef7c230f076cf132dd5a9
Created attachment 8669348 [details] malicious_addon_sample.zip Password on the attachment is 'infected'.
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i1034 Note this add-on passed automatic validation, so we should look into ways of flagging what it does. Maybe the obfuscated string in the contentScript property would be a good start.
Forgot to link to the entry: https://addons.mozilla.org/en-US/admin/addon/manage/fast-unlock/
These ones are similar, though none of them signed: https://addons.mozilla.org/en-US/firefox/blocked/i1038 https://addons.mozilla.org/en-US/firefox/blocked/i1036 https://addons.mozilla.org/en-US/firefox/blocked/i1032