Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Malicious "Free Cheesecake Factory" Add-On

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
6 years ago
a year ago

People

(Reporter: MarkH, Assigned: fligtar)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [extension][hardblock], URL)

(Reporter)

Description

6 years ago
Created attachment 583881 [details]
malicious_addon.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

The third-party add-on "Free Cheesecake Factory" is malicious is actively generating spam on Facebook.  It steals the user's browser cookies for Facebook and sends out numerous messages on the users behalf.  It also takes actions to hide its activity by injecting an overlay image into the DOM when the user attempts to view their news feed in Facebook.  The malicious plugin and the JS files it loads remotely are attached.



Actual results:

Installed the malicious "Free Cheesecake Factory" add-on and it resulting in spam being posted to a Facebook account.

Updated

6 years ago
(Assignee)

Updated

6 years ago
Assignee: nobody → fligtar
Id: youtube@youtube2.com
(Assignee)

Comment 2

6 years ago
UUID youtube@youtube2.com
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [extension][hardblock]
(Assignee)

Comment 3

6 years ago
yes, I midaired you and didn't care :p
(Assignee)

Comment 4

6 years ago
Blocked in production.

https://addons.mozilla.org/en-US/firefox/blocked/i47
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

6 years ago
Yikes, this add-on had 600,000 users and was growing about 50,000 per day until it was blocked.
(Assignee)

Comment 6

6 years ago
Please file these bugs in Blocklisting component in the future.
Component: Add-on Security → Blocklisting
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.