Mozilla blocks malicious add-ons installed by 455K Firefox users

LASER_oneXM

Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates.

The add-ons (named Bypass and Bypass XM) were using the API to intercept and redirect web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists.

"To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users," Mozilla's Rachel Tublitz and Stuart Colville said.
 
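A defender-side check related to the excerpt above, as an added example (not code from Mozilla or the article): the WebExtension proxy API requires the `proxy` permission in `manifest.json`, so this Python script flags add-on packages that declare it, alone or together with all-sites host access. The sample manifests are constructed, and the function names and verdict labels are this example's own.

```python
import io
import json
import zipfile

# Host patterns that expose requests to every site to the add-on.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Classify one parsed manifest.json by its proxy and host permissions."""
    declared = {}  # permission string -> manifest key where first seen
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for perm in manifest.get(key) or []:
            if isinstance(perm, str):
                declared.setdefault(perm, key)
    if "proxy" not in declared:
        verdict = "ok"
    elif BROAD_HOSTS & declared.keys():
        verdict = "review: proxy + all sites"
    else:
        verdict = "review: proxy"
    hosts = sorted(p for p in declared if p in BROAD_HOSTS or "://" in p)
    return {"name": manifest.get("name"), "verdict": verdict,
            "proxy_declared_in": declared.get("proxy"), "hosts": hosts}

def audit_xpi(blob):
    """Audit an .xpi (zip archive) given as bytes; bad input yields 'unreadable'."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as xpi:
            manifest = json.loads(xpi.read("manifest.json").decode("utf-8-sig"))
        if not isinstance(manifest, dict):
            raise ValueError("manifest.json is not a JSON object")
    except (zipfile.BadZipFile, KeyError, ValueError) as exc:
        return {"name": None, "verdict": "unreadable", "detail": type(exc).__name__}
    return audit_manifest(manifest)

def make_sample_xpi(manifest):
    """Build a constructed in-memory .xpi holding only manifest.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()

if __name__ == "__main__":
    samples = [  # constructed manifests, not taken from any real add-on
        {"name": "Sample Proxy Add-on", "permissions": ["proxy", "<all_urls>"]},
        {"name": "Sample Notes", "permissions": ["storage"]},
    ]
    for m in samples:
        print(audit_xpi(make_sample_xpi(m)))
```

A "review" verdict only means the add-on can see and reroute requests; whether it does so legitimately still needs a look at its code.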

SecureKongo

To all the people bashing on Microsoft Defender:

[Attached image: Unbenannt.PNG]

;)🖕
 

Nightwalker

On the 1st sight, it seems great that MS Defender detects this malware. But on a 2nd look, MS Defender has a dedicated category for BypassPaywall. Uhm, no thanks MS. Another reason why I'm not using MS Defender.

Err no, it is just the signature name, this doesn't mean that Microsoft Defender is actively detecting extensions or scripts that are made to bypass paywalls like this one below.


If you read the article you will understand why the name was chosen.
 

The_King

On the 1st sight, it seems great that MS Defender detects this malware. But on a 2nd look, MS Defender has a dedicated category for BypassPaywall. Uhm, no thanks MS. Another reason why I'm not using MS Defender.
Somewhat agree with you.
While Mozilla didn't share if the two add-ons were doing anything else malicious in the background, BleepingComputer found after analyzing them that they likely were using a reverse proxy to bypass paywalled sites.

However, the add-ons also had Mozilla's domain in the paywall list which inadvertently also blocked browser updates.
Defender seems to be blocking it purely because it's a Paywall bypass. Somewhat of a grey area if you use adblockers, as you can now access paid-for content for free.

On the other hand I personally think MS defender is great and offers excellent protection overall.
 

Nightwalker

Somewhat agree with you.

Defender seems to be blocking it purely because it's a Paywall bypass. Somewhat of a grey area if you use adblockers, as you can now access paid-for content for free.

On the other hand I personally think MS defender is great and offers excellent protection overall.

No, it is being detected by Microsoft Defender because Mozilla Security Team marked those addons as malicious.



Microsoft Defender doesn't detect other paywall bypasses that are not malicious, do you know other clean paywall bypass that is being blocked by it? Never heard of a single case ...
 

Azure

Would have been much more impressed by Microsoft if they detected it before the Mozilla report.
 

The_King

Microsoft Defender doesn't detect other paywall bypasses that are not malicious, do you know other clean paywall bypass that is being blocked by it? Never heard of a single case ...
I have used Bypass Paywall clean a few months ago. Removed it because I don't normally visit paid-for content sites and it constantly asked for new site permissions every time I launched FF even if it was disabled. I do consider these plugins to be sketchy.

I am sure Firefox reported the extension to other AV vendors. MS Defender says it was updated 2 August yet no other AV vendor considers the extension to be malicious on VT?

 

vaccineboy

There is no indication that the addon has actually done anything malicious, but its setup could be used for malicious purpose should the developer choose to. Mozilla is right to block it, but labeling it as malicious in my opinion is a gray matter. The word "inadvertently" on the part of the addon developer was curiously recited.
And naming it the way MS does is also disagreeable.
 