After receiving reports that cybercriminals were increasingly using Firefox Send to distribute malware, Mozilla took this file-sharing service offline. Find out why the service was commonly used by hackers and what the company is doing to curtail this abuse.
Living up to its promise of putting people’s privacy and security before profits, Mozilla temporarily suspended its free file-sharing service, Firefox Send, on July 7, 2020, due to security concerns. “In light of recent reports of Firefox Send being used to distribute malware, we have decided to temporarily take the service offline,” said Mozilla support staff.
Why Cybercriminals Have Been Using It
Before Firefox Send was shut down, hackers had been increasingly using it to spread ransomware, spyware, and other types of malware. The cybercriminals uploaded a malware file on Firefox Send’s servers and included the file’s download link in business email compromise (BEC), phishing, and other malicious emails. That way, the hackers did not have to build their own file-sharing servers, saving time and effort.
Other reasons why cybercriminals used Firefox Send include:
- A Firefox account was not needed to send files. Cybercriminals liked the anonymity provided by sending files without signing in.
- Independent platform. Neither a Firefox account nor a Firefox web browser were needed to receive files. This enabled cybercriminals to pursue more potential victims, as anyone with a web browser could be targeted.
- Short-lived malware files. Mozilla designed Firefox Send for sharing files and not storing them, so the files were stored online for only a short amount of time. People who did not sign in to the service with a Firefox account had the option of storing files either five minutes, one hour, or one day (the default). Once the specified time period was reached, the files were automatically deleted by the service. This was ideal for cybercriminals because they did not have to worry about deleting the files manually once their campaign ended. Plus, their deletion meant that researchers and forensic experts investigating security incidents could not examine the malware files, even if they had the download links.
- Spam filter evasion. Typically, email spam filters are not configured to detect and block Firefox Send links. Thus, the cybercriminals’ emails often made it past the spam filters and were delivered to the intended victims.
- Encrypted malware files. Firefox Send is designed to automatically provide end-to-end encryption to all files sent by users. This encryption process hinders the effectiveness of malware detection solutions because malware files are transmitted and stored in encrypted format.
What Mozilla Is Doing to Deter Cybercriminals
Mozilla has not yet released the improved Firefox Send at the time of this writing. However, the company has noted some of the security improvements it plans to include. For starters, Mozilla will require users to sign in with a Firefox account to send files. That way, cybercriminals cannot hide behind a veil of anonymity. Mozilla also plans to add an abuse reporting mechanism to supplement its existing feedback form. This will make it easier for file recipients and security researchers to flag malicious use of the service.
Besides making security-related improvements, Mozilla plans to add new features and capabilities that will enhance Firefox Send’s usability. The company has not released any details about these enhancements yet. Nor has it released any information about when the improved service will be available for use.
