Closed
Bug 1364352
Opened 8 years ago
Closed 8 years ago
Firefox tries to download malware when Zenmate plugin is installed
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: brad.inggs, Assigned: TheOne)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526
Steps to reproduce:
Install Zenmate VPN plugin.
Go to any website that has flash enabled. For example, even go to the actual adobe flashplayer website and the malware tries to download to your browser.
Actual results:
When on a website that has flash, the plugin tries to download a file from https://ciuvo.com/ciuvo/globalstorage?version=2.0.4 which monitors your shopping. It enables and tries to download whenever firefox browser goes to a flash enabled website. After removing the zenmate plugin, the issue disappears.
Expected results:
When visiting a website with flash, there should be no call to a remote server trying to download malware.
Assignee | ||
Comment 1•8 years ago
|
||
Brad, thank you for the report, can you please tell us the link you downloaded that add-on from?
Assignee: nobody → awagner
Component: Untriaged → Blocklisting
Product: Firefox → Toolkit
Version: 53 Branch → unspecified
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(brad.inggs)
Hi Andreas, thanks for the swift action.
I have tested across 3 Windows Pro PC's. They were downloaded from the actual Zenmate.com site as well as the add-on section.
Flags: needinfo?(brad.inggs)
To test, you can open a free trial with an email and install the add-on then just visit https://www.adobe.com/products/flashplayer.html as a quick way to witness it. My Bitdefender grabs the phishing attempt immediately luckily.
Assignee | ||
Comment 4•8 years ago
|
||
Can you please provide the link to the exact page you downloaded the add-on from?
Flags: needinfo?(brad.inggs)
Assignee | ||
Comment 5•8 years ago
|
||
Alternatively, providing the add-on ID (you can see it if you go to about:support with the add-on installed) would also work.
sure, can get the ID, firefox@zenmate.com (version 5.10.2)
Its in the mozzilla addons store and also accessible from zenmate.com
Thanks Andreas
Flags: needinfo?(brad.inggs)
Here's the link to the addon page https://addons.mozilla.org/en-GB/firefox/addon/zenmate-security-privacy-vpn/?src=search
Hope that helps.
Assignee | ||
Comment 8•8 years ago
|
||
Thank you! I will have a look.
Thanks Andreas. I know Zenmate VPN is an extension/plugin but thought I'd raise it to Mozillas security for attention as they might try sneak something else through too with no notice as well. Spent two days trying to pin it down, thought it was Adobe, the browser, compromised ad networks, some infection somewhere then after all the scanning I started going through the extensions/plugins and eventually noticed it was Zenmate.
I see when googling if someone tries to find out how to remove this spyware it seems to send you to some dodgy sites that probably add some more wonderful spyware/malware along the way. Also searching for the address specificly came up with some russian sites that hid it in iframes.
Looking forward to hearing from you. Thanks Andreas.
Assignee | ||
Comment 10•8 years ago
|
||
Thanks Brad, we have reached out to the developer and expect to hear back soon.
Assignee | ||
Comment 11•8 years ago
|
||
An update has been submitted and approved that removes this feature, so we won't go forward with blocking.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•