Recently, Mozilla reported the detection of phishing attacks on add-ons for Firefox. Similar to recent attacks on packages in PYPI and NPM repositories, the amo add-ons catalogs (addons.mozilla.org) were targeted with emails impersonating Mozilla. These emails instructed developers to update their profile information to maintain catalog functionality. However, clicking on the links led developers to a fake website that proxied requests to the main catalog Addons.mozilla.org.
It is important to note that Mozilla’s official domains are limited to Mozilla.org and Firefox.com, and developers should not enter their data on any other domains. While the specific phishing domain was not disclosed, developers who received the fake emails have started reporting incidents of compromised add-ons. One developer mentioned a compromised addition called “modern twp” without providing further details.
