Firefox suspends its Firefox Send service, exploited by cybercriminals

Mozilla has temporarily suspended the Firefox Send file sharing service. The organization is investigating reports of abuse by malware operators and is working on adding a “Report Abuse” button. It took the service offline after ZDNet requested information about the increasing prevalence of Firefox Send in current malware operations.

As a reminder, Mozilla launched Firefox Send in March 2019. This service offered Firefox users secure and private file hosting and sharing options. Despite its name, the service is actually accessible to anyone visiting the send.firefox.com web portal. All files uploaded and shared via Firefox Send were stored in an encrypted format, and users could configure how long the file was kept on the server and how many downloads were possible before the file expired.

The fact remains that while Mozilla launched Firefox Send with the privacy and security of its users in mind, the service unfortunately also saw wide adoption in the malware community. In most cases, the usage is the same: malware writers upload malware payloads to Firefox Send, the file is stored in an encrypted format, and then the hackers share the links inside the emails they send to their targets.

A useful service for cybercriminals

For the past few months, Firefox Send has been used to store payloads for all kinds of cybercrime operations, from ransomware to financial crimes, and bank trojans to spyware used to target human rights defenders. FIN7, REvil (Sodinokibi), Ursnif (Dreambot) and Zloader are just a few of the malware gangs caught hosting payloads on Firefox Send.

In an interview with ZDNet on Tuesday, Colin Hardy, a British cybersecurity researcher, took the time to describe some of the many features that attracted malware authors to Firefox Send. According to him, Firefox URLs are inherently trusted within organizations, which means that spam filters do not detect Firefox Send URLs, or are not even configured to block them.

With the adoption of this service, cybercrime gangs no longer had to invest their time or their financial resources to set up a file hosting infrastructure. They could just use Mozilla’s servers. Finally, the service encrypts data, which hinders malware detection solutions, and download links can be configured to expire after a certain amount of time or a certain number of downloads, which hinders incident response efforts.
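As an added illustration (not part of the original article), the sketch below shows one way a mail gateway hook could surface messages that carry Firefox Send links instead of trusting the domain outright. The function name `find_watched_links`, the sample message and the assumed link layout `https://send.firefox.com/download/<id>/#<key>` are assumptions made for this example.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Host named in the article; a real policy would list other file-sharing hosts too.
WATCHED_HOSTS = {"send.firefox.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def find_watched_links(raw_message):
    """Return one finding per distinct watched-host URL in the text parts."""
    msg = message_from_string(raw_message, policy=default)
    findings, seen = [], set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() undoes quoted-printable/base64, so links that were
        # soft-wrapped or escaped in transit are matched in their real form.
        for url in URL_RE.findall(part.get_content()):
            try:
                parts = urlsplit(url)
                host = (parts.hostname or "").lower().rstrip(".")
            except ValueError:  # malformed URL, nothing to classify
                continue
            # Exact host match: "send.firefox.com.example.test" is not a hit.
            if host in WATCHED_HOSTS and url not in seen:
                seen.add(url)
                findings.append({"subject": str(msg["subject"]), "url": url,
                                 # Assumed layout: fragment carries the file key.
                                 "has_key_fragment": bool(parts.fragment)})
    return findings

# Constructed sample message (not real traffic).
SAMPLE = """\
From: billing@example.test
Subject: Invoice 4471
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice: https://send.firefox.com/download/0123456789abcdef/#CONSTRUCTEDKEY
--b1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<a href=3D"https://send.firefox.com/download/0123456789abcdef/#CONSTRUCT=
EDKEY">View invoice</a> <a href=3D"https://example.test/help">Help</a>
--b1--
"""
```

Because a URL fragment is never sent to the server, web proxy logs only record the host and path of such a link; the mail gateway is the point where the complete link can be recorded for incident response before it expires.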

Desperate times call for drastic measures

“Send also has a password protection function, which once again makes it easier to escape the detection of perimeter devices”, notes the researcher. The growing number of malware operations abusing Firefox Send has not escaped the notice of the cybersecurity community and various groups of malware hunters. In recent months, security experts have complained about the lack of a “report abuse” mechanism or a “Report File” button that they could have used to bring down malware operations that abused the platform.

Last month, security researchers filed a report in Mozilla’s vulnerability tracker, asking the foundation to add an abuse reporting system. Earlier today, ZDNet contacted Mozilla to inquire about the malware hosting problems we found, and the state of the abuse reporting mechanism.

While we expected a simple status update, Mozilla surprised us and the cybersecurity community by taking a proactive approach and almost immediately shutting down the entire Firefox Send service while it works on improvements. “These reports are deeply worrying on several levels, and our organization is taking steps to remedy them,” a Mozilla spokesperson interviewed by ZDNet said on Wednesday.

“We will temporarily take Firefox Send offline while we make product improvements. Before the relaunch, we will add an abuse reporting mechanism to complement the existing feedback form, and we will ask all users wishing to share content using Firefox Send to register with a Firefox account,” the spokesperson added, saying the organization would “follow these developments carefully”.

At the time of this writing, no date has been given for the return of the service. All Firefox Send links are now out of service, which means that any malware operation relying on the service has also been foiled.

Source: ZDNet.com

Source: www.zdnet.fr