Blocklist malicious "abusable.net" add-on

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: jorgev, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

5 years ago
What I did?
Downloaded add-on from http://abusable.net/x/video.php?56473456456

What happened?
DL URLs: 
FF - http://abusable.net/x/video.php?id=1

Analysis:

Loads JS from the add-on
Calls out to the following URLs (both return the same data)
http://juyh12.me/j.php
http://kmjh78.asia/j.php

juyh12.me/j.php and kmjh78.asia/j.php:
injects http://juyh12.me/js_f.php?v=tg0002
a library of functions to:
grab a user's Facebook or Tagged session details
solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u
send log data to http://juyh12.me/ss.php?r
post to Facebook and Tagged

js_f.php:
same code as j.php


What should have happened?


It shouldn't steal your Facebook session information and post as a user
without their consent.
(Assignee)

Comment 1

5 years ago
Id: pfzPXmnzQRXX6@2iABkVe.com
Status: NEW → ASSIGNED
(Assignee)

Comment 2

5 years ago
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i99
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.