UPDATE: Mozilla has issued users with a warning that two add-on available from the official Add-ons website (addons.mozilla.org) contained code that infected Windows PCs.
Two One add-ons are affected:
- Master Filer - Infected with a password-stealing Trojan called Win32.LdPinch.gen
- Sothink Web Video Downloader - Infected with a backdoor Trojan called Win32.Bifrose.32.Bifrose
Important note: The Sothink Web Video Downloader was incorrectly identified by Mozilla as a trojan because the virus scanner used threw up a false-positive. This add-on is 100% safe.
Here’s what Mozilla has to say:
If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.
It is believed that some 4,600 users have been infected.
Mozilla does scan all uploaded add-ons for malware, and blocks any that are infected. However, in this case the process failed. Now Mozilla has added two new malware detection tools to the scan chain to offer additional protection. It was at this stage that the malware hidden in the Sothink Web Video Downloader was discovered.
Important note: The Sothink Web Video Downloader was incorrectly identified by Mozilla as a trojan because the virus scanner used threw up a false-positive. This add-on is 100% safe.
Bottom line, it’s unwise to rely solely on scanning done by a third-party.
