Mozilla has issued an urgent warning to developers about an active phishing campaign targeting their accounts on the official Firefox add-on store, addons.mozilla.org (AMO).

This platform currently hosts over 60,000 browser extensions and more than 500,000 themes, used by tens of millions of Firefox users worldwide.

In a recent security advisory, Mozilla revealed that attackers are sending fake emails pretending to be from the AMO team. These emails trick developers into thinking their accounts need to be updated to keep using development tools.

Mozilla said the emails often say something like, “Your Mozilla Add-ons account requires an update to continue accessing developer features.”

The company urged developers to be extra cautious and never click on links in suspicious emails. Instead, Mozilla recommends:

  • Checking if the email comes from a real Mozilla domain, such as mozilla.org, firefox.com, or mozilla.com
  • Making sure the email passes standard security checks like SPF, DKIM, and DMARC
  • Going directly to Mozilla’s websites in a browser instead of clicking links from emails
  • Only entering login credentials on official Mozilla or Firefox pages

Although Mozilla has not revealed the extent of the attack or whether any accounts have already been compromised, at least one developer has come forward, stating they were tricked.

Mozilla has promised to share more information as it learns more about this phishing campaign.

This warning follows Mozilla’s recent announcement that its Add-ons Operations team has added a new security feature to block malicious extensions that try to steal users’ cryptocurrency.


Buy ExpressVPN with PayPal or Credit Card
READ
China Could Trigger Massive Blackouts Across Europe Through Solar Inverters, Report Warns

According to Andreas Wagner, who leads the add-ons content security team, Mozilla has removed hundreds of harmful extensions over the years, including fake crypto wallets. Some of these were not directly linked to hacking attempts, but cybercriminals still managed to steal $494 million in cryptocurrency last year, targeting over 300,000 wallet addresses through so-called wallet-draining attacks.

Advertisement