The default bug view has changed. See this FAQ.

Malicious "Aplicativo" add-on

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: MarkH, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Created attachment 635191 [details]
20120620_credito_m.zip password is malwares4mple

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5

Steps to reproduce:

Installed "credito.xpi"


Actual results:

On each page load: 

Injects some JS via toolbarOverlay.xul in the FF add-on:
http://64.31.12.85/~juninba1/Creditos/oi2.js

oi2.js:
injects the contents of http://64.31.12.85/~juninba1/Creditos/lol.txt as a
<script> tag

lol.txt:
spams out "Eu nunca mais pago por SMS e TORPEDO CURTE AI ASUHAUHSHAUS >>
http://www.facebook.com/pages/"+Math.floor((Math.random()*100)+1)+"/3093858
85808050?sk=app_139478552796147"

has the victim like a Facebook page



Expected results:

It shouldn't access your Facebook session and post repeatedly as you, without your consent.
(Assignee)

Comment 1

5 years ago
Id: {28bfb930-7620-11e1-b0c4-0800200c9a66}
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Comment 2

5 years ago
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i108
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 3

5 years ago
is there any way how i can get this unplugged??i have been having trouble with my facebook game apps and i think this is the problem
(Assignee)

Comment 4

5 years ago
(In reply to gina_te01@yahoo.com from comment #3)
> is there any way how i can get this unplugged??i have been having trouble
> with my facebook game apps and i think this is the problem

Please visit our support site for problem resolutions: http://support.mozilla.com/.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.