Get Cape, a no-bullshit mobile provider focused on privacy and security, and get $20 off your monthly bill.

Firefox add-ons - more malware commeth?

Over the last month or so i've been noticing an influx of very sketchy add-ons appearing on the Firefox add-ons repository, all sharing common traits. I don't know what's going on, but i wonder if the developer is preparing to integrate malware into them as people start using them.

These add-ons tend to appear in batches of around half a dozen or so at a time, give or take, and when you check the developer pages, they all have 1 add-on and they all joined AMO on or near the same day. A proper icon is never incorporated and there are both English and non-English comments in the code as though it was copied from elsewhere or, perhaps, a team of people are working together. Here's an example of 5 add-ons that all appeared consecutively on AMO:

I've looked at the source code for a few of these add-ons over the last month or so and i'm not seeing anything too strange, other than they often don't perform the specific function they are purported to perform, nor is the manifest properly filled in. For example, the "Surround Sound" add-on has nothing to do with surround sound, rather it appears that it simply adjusts the volume of whatever is playing.

There must be around 100 of these add-ons by now, perhaps more.