Securing Firefox Against Malicious Add-ons

Recently there was an outbreak of a malicious Firefox add-on that harvested bank login data, credit cards, debit cards and other financial information when the victims used Firefox to check their bank accounts or to do some online shopping. This malicious add-on was piggy-backing inside the software installer setup packages downloaded from untrustworthy sources like the P2P networks. The setup installers downloaded from P2P networks of otherwise harmful software like Winamp, Corel Paintshop, Power ISO were found containing this malicious Firefox extension that was being automatically installed in the victim’s computer.

You can prevent such trojan droppers or piggy-backing malware easily by using a few simple rules:

1. Always download software from trustworthy sources
Many people use P2P networks to download software (particularly the pirated versions of paid or commercial software). Software coming from such sources and often the pirated copies come pre-loaded with malware and other unwanted programs. This not only harms the software firms that put hard work in the software development, but the people who install such software become easy victims of cyber-criminals and end up either becoming a part of a larger botnet or losing their financial information. You can easily avoid this by downloading the software from trustworthy sources – either the websites of the software vendors themselves or from other reputed sites like softpedia.com, download.com, pcworld.com  etc.

Firefox Extensions Security

2. Update Mozilla Firefox to version 44.0 or Later
Mozilla is working hard to make it impossible for the malicious extensions to make their way into the browser without the user-consent. One of the measures they have taken is making it mandatory for all the extensions to be signed before they can be installed. They introduced this feature in the version 40 but have fully enforced it in the version 44. So you should update to version 44 of Firefox even if it is still in the beta stage.

3. Download extensions only from Mozilla add-ons site
Mozilla checks all the extensions uploaded to their add-ons repository for malicious or suspicious behavior before they are made available for everyone to download and install. This is why you will be better off if you choose to install the extensions from the Mozilla’s own add-ons website instead of from some third party website.

4. Switch to the Add-ons free mode of Firefox before shopping online
When you are going to make online payments using your credit cards/debit cards, or when you are going to login to your bank’s website to check your accounts, you should not trust any add-ons. Fortunately, Firefox has a add-ons free mode that is ideal for this. You can press the Alt key to make the menubar appear. In the menubar, you can select Help → Restart with Add-ons Disabled to temporarily restart Firefox with all the add-ons disabled.

Firefox Extensions Security

5. Keep a good antivirus installed with HTTP scanning capability
Sometimes, the only way to thwart the malware infection is through the defense provided by a good antivirus product. There are many free antivirus products but some of them provide only the basic file scanning. You should install an antivirus product that can scan the HTTP connections so that it can break the connections responsible for malicious  activities before the malware even makes it into your PC. Panda Free Antivirus, Avast Free Antivirus, Bitdefender Free Antivirus are some of the products that come with HTTP scanning modules.

Firefox Extensions Security

I hope you will find these tips useful when using Firefox for online shopping or other things that involve using the credit cards and stay protected.