Mozilla has temporarily suspended its online file-sharing service Firefox Send. The decision comes in the wake of platform abuse by cybercriminals. The tech giant is now working on the report abuse mechanism for better platform security.
Mozilla Suspends Firefox Send
According to ZDNet, Mozilla has temporarily shut down its file-sharing service Firefox Send due to potential abuse.
As revealed, the vendors have pulled this service offline following multiple reports of platform abuse by cybercriminals. The threat actors have misused the service for ransomware and spyware attacks.
Mozilla’s Firefox Send started off as a dedicated file-sharing platform for Firefox users. It gained traction given its safe file storage features that also include file encryption. Moreover, users could also configure the time duration and the number of downloads allowed until the file availability.
However, it wasn’t limited to Firefox users only, rather everyone could use it. That’s what instigated the threat actors to exploit the service.
Numerous users caught various malware hosted on the platform. Below are some of the tweets.
Ursnif hosted on Firefox Send, first time I see that, is it frequent ? pic.twitter.com/eiDETrUVeA
— Hash Miser (@H_Miser) July 6, 2020
Spyware attacks are deceptively sophisticated:
– FireFox Send hosted malware
– Large padded files to avoid security products
– Signing certs registered thru "identity theft" of small businesses
This targeted individual HRDs, but many enterprises wouldn't detect this either. https://t.co/DdedLasD2U
— Alyssa (@ramen0x3f) June 15, 2020
Briefly, from ransomware to spyware and banking trojans, users could see different types of malware uploaded on the platform.
After that, researchers quickly highlighted the fact that the lack of a dedicated report abuse feature contributed to such exploitation.
Consequently, Mozilla temporarily suspended the service as they investigate the allegations.
Mozilla To Introduce Report Abuse
Alongside investigations, Mozilla has another reason to pull Firefox Send offline. As their spokesperson told ZDNet, the service is working on launching a dedicated ‘Report Abuse’ feature.
These reports are deeply concerning on multiple levels, and our organization is taking action to address them.
We will temporarily take Firefox Send offline while we make improvements to the product. Before relaunching, we will be adding an abuse reporting mechanism to augment the existing Feedback form, and we will require all users wishing to share content using Firefox Send to sign in with a Firefox Account.
We are carefully monitoring these developments and looking critically at any additional next steps.
So now, the service is offline. But it will surely be back online soon after addressing the matter.
Though, they haven’t specified a timeline for it yet. Nonetheless, what’s great is that the suspension has also halted the dissemination of malware hosted on Firefox Send.
Let us know your thoughts in the comments.