Redazione RHC : 4 August 2025 15:02
Mozilla has warned Firefox extension developers of a new phishing campaign aimed at compromising their accounts on the official AMO platform (addons.mozilla.org). This ecosystem includes over 60,000 add-ons and more than half a million themes, used daily by tens of millions of people worldwide.
According to the published warning, attackers are sending emails on behalf of the AMO team, claiming that the developer account needs to be updated urgently to maintain access to the tools. In reality, these emails lead to fake sites designed to steal logins and passwords. The message typically contains a variation of the phrase “Your Mozilla add-ons account requires an update to continue using developer features,” which is intended to alarm the recipient and trick them into clicking the malicious link.
Mozilla strongly recommends verifying the authenticity of emails: they must come from firefox.com, mozilla.org, mozilla.com, or their subdomains, and must be subjected to basic authentication using SPF, DKIM, and DMARC. Developers are advised to avoid clicking links in such messages and, if necessary, visit the AMO website themselves via the official address to ensure their information is up to date. It is especially emphasized that login and password should only be entered on the original Mozilla or Firefox websites.
While the scope of the attack has not yet been revealed, Mozilla has confirmed that at least one developer has already fallen victim to the system. This suggests a real threat, although no data is yet available on the number of compromised accounts or the attackers’ next moves. The organization has promised to provide more information as it becomes available.
This situation raises important context. Last month, the Add-ons Operations team implemented a new security measure designed to automatically block malicious extensions masquerading as cryptocurrency wallets. As team leader Andreas Wagner noted, hundreds of malicious extensions have been identified and removed in recent years. Some of these were used directly to steal cryptocurrencies, although not all showed obvious signs of damage.
In this context, the statistics are particularly alarming: Last year alone, criminals managed to steal approximately $494 million in cryptocurrencies by attacking wallets, including over 300,000 unique addresses. Cases like these demonstrate how dangerous even a single hacker attack on a developer’s account can be: given the widespread distribution of add-ons, they become an ideal platform for the introduction of malicious code.
The short conclusion is this: developers publishing extensions on the Mozilla platform are once again at risk. Phishing in this case is not only a threat to personal security, but a potential channel for infecting tens of millions of users worldwide.
Redazione