Mozilla appears to have let it’s guard down, with a Firefox add-on that included a Trojan that could allow remote access to a users PC.

Two add-ons were affected; Master Filer which was infected with a password-stealing Trojan called Win32.LdPinch.gen, and Sothink Web Video Downloader which was infected with a backdoor Trojan called Win32.Bifrose.32.Bifrose.

Mozilla has issued a statement:

“If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.”

Mozilla believe only 4,600 people are infected after downloading these add-ons.

How these add-ons made it online is unknown, as Mozilla scans all add-ons for viruses before they are approved. Mozilla now plans on using two different malware detection tools to try and stop this issue from reoccurring in the future.

Comments are closed.