1 min read

445,000 Mozilla users targeted by malicious add-ons


October 26, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
445,000 Mozilla users targeted by malicious add-ons

Mozilla reports it has identified and disabled two malicious Firefox add-ons installed on roughly 455,000 browsers.

The software modules, named Bypass and Bypass XM, first caught the eye of researchers in early June after abusing the proxy API to block Firefox updates.

According to Bleeping Computer, the two browser extensions were likely using a reverse proxy to bypass paywalled sites. However, Mozilla has said they were also intercepting and redirecting web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists -- incriminating behavior that violates the company’s rules for add-ons.

Apart from blocking the extensions, Mozilla temporarily paused approval for new add-ons using the proxy API and has urged users to make sure their Firefox version is up to date.

Currently the fourth most-used browser in the world, after Chrome, Safari and Edge, users often see Firefox as a fast and generally safe open-source solution. However, this also makes it a favorite among cyber attackers.

Back in 2020, Mozilla took mass action banning nearly 200 shady Firefox add-ons that were caught executing malicious code or stealing user data. Many of them disguised themselves in sheep’s clothing pretending to be benign utilities likeFromDocToPDF, EasyZipTab or Fake YouTube Downloader.

Additionally, in February 2021, researchers discovered a malicious Firefox Gmail add-on, called FriarFox, that was targeting Tibetan organizations and ilegally accessing their Gmail accounts and browsers.




Radu is a tech-geek with 15 years of experience in writing, journalism and copywriting. When he’s not writing he’s probably taking something apart, trying to figure out how things work.

View all posts

You might also like