The National Cyber Security Centre SK-CERT warns of Firefox Send being abused to spread malicious code

The popular Firefox Send service is being actively abused by attackers to distribute malicious software designed to damage or steal information from the victim’s device. The attacks are still ongoing and have been reported in Slovak cyberspace.

Firefox Send provides users with free private file transfers. It also offers optional security features: you can choose when the link to your file expires, limit downloads, or add a password as an additional security level. With Send, you can quickly share files up to 1 GB without registration. However, if you want to upload files up to 2.5 GB in size, you need to sign up for a free Firefox account. After the file is uploaded, Firefox Send creates a link that you can share with the recipient. Firefox declares in the service’s Privacy Policy [1] that it receives an encrypted file from the sender without access to the contents of that file, and that such a file is stored for a maximum of 24 hours to 7 days.

Abuse of this service to spread malicious software has already been reported in Europe. Recipients received an email with a link and a password, and after entering it, malicious software was downloaded and installed on the device. The subject of the message contained the title: “COVID-19: Notre accompagnement auprès de nos actionnaires” (COVID-19: Our support to shareholders). The link was also published on the social network Twitter [2]. The malicious software subsequently corrupted or stole information from victims’ devices.

NCKB SK-CERT has recorded a similar way of abusing the Firefox Send service in Slovak cyberspace: the email, which appeared to come from a legitimate Slovak domain but was in fact sent from a foreign domain and foreign servers, contained the following English text:

“Good afternoon, you are entitled to extra pay because of quarantine of coronavirus?

See more info:

[malicious URL link]

Password for archive: [password]”

The attackers once again took advantage of the situation around the spread of COVID-19 and of the careless reaction of people who opened the message immediately without checking its source. Because no Firefox account is needed to access the file, the service gives attackers a convenient way to spread malware.

In connection with the ongoing attacks, NCSC SK-CERT recommends:

  • Do not open unauthenticated messages or messages from unknown users
  • Do not open suspicious attachments
  • Do not open suspicious URLs, especially if they contain a link to Firefox Send and you are unaware that someone wants to share files with you through Firefox Send
  • We also recommend that you do not open URL links from any other similar sharing service if you do not know the sender and are not expecting a file.
  • In case of suspicion, verify the content of the message with the sender in another form (by phone, in person)
  • If you’ve received an email or other message that contained a link to Firefox Send and you don’t use this service, or do not share files with anyone in this way, contact NCSC SK-CERT
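
For mail administrators, the lure described above can be triaged automatically. The following is an added example, not SK-CERT's own code: it flags a message that links to Firefox Send, carries the archive password next to the link, and has a visible From domain that differs from the envelope sender. The indicator names, the `Return-Path` comparison and the sample message are assumptions made for this illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

SHARE_HOSTS = {"send.firefox.com"}  # service named in the advisory
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PASSWORD_RE = re.compile(r"\bpassword\b[^\n:]{0,30}:", re.I)  # "Password for archive:"

def host_of(url):
    """Host name of a URL, or '' when the URL cannot be parsed."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:  # e.g. a broken IPv6 literal
        return ""

def domain_of(header_value):
    """Domain part of an address header, lower-cased; '' if missing."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the lure indicators found in one RFC 5322 message (heuristic)."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hits = []
    if any(host_of(u) in SHARE_HOSTS for u in URL_RE.findall(body)):
        hits.append("share-link")
        if PASSWORD_RE.search(body):  # password delivered beside the link
            hits.append("password-in-body")
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        hits.append("from-envelope-mismatch")  # also seen with bulk mailers
    return hits

# Constructed sample modelled on the message quoted in the advisory.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: Payroll <payroll@example.org>
To: user@example.org
Subject: Extra pay
Content-Type: text/plain; charset=utf-8

See more info:
https://send.firefox.com/download/0000000000/#CONSTRUCTED
Password for archive: CONSTRUCTED
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each indicator on its own also occurs in legitimate mail, so the result is best used to route a message for review rather than to block it outright.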

Sources:

[1] https://send.firefox.com/legal

[2] https://twitter.com/SecurityAura/status/1272934606937956353?s=20

 

