Mozilla Warns Extension Developers About Phishing Attacks

Red Dog Security

05 Aug 2025 — 1 min read

Mozilla has issued an urgent warning to browser extension developers about an ongoing phishing campaign targeting accounts on the official addons.mozilla.org (AMO) platform. AMO hosts more than 60,000 extensions and 500,000 themes, serving millions of users around the world.

How the Attack Works

The phishing scheme begins with emails impersonating official AMO communications. These messages urge developers to take immediate action—often claiming their access to publishing tools is at risk if they don’t comply.

Example phishing message:

“To continue using developer features, you must update your Mozilla Add-ons account.”

The emails include links that redirect victims to spoofed login pages, designed to steal credentials.

Mozilla’s Recommendations

To protect their accounts, developers are strongly advised to follow these guidelines:

✔ Verify sender domains: Legitimate messages come from firefox.com, mozilla.org, or their subdomains.
✔ Check email authentication headers: Confirm valid SPF, DKIM, and DMARC records.
✔ Avoid clicking links in suspicious emails—navigate directly to official Mozilla sites instead.
✔ Enter credentials only on verified Mozilla or Firefox domains.

Additionally, enabling two-factor authentication (2FA) is highly encouraged.

Current Impact

Mozilla has not disclosed how widespread or successful the campaign has been. However, at least one developer confirmed being targeted, as noted in the comments section of the official announcement.

The incident underscores a broader concern for the open-source ecosystem: if a developer’s account is compromised, attackers could push malicious updates to legitimate browser extensions—putting end users at risk.

Final Note

Mozilla’s warning is part of a growing trend in the tech industry, where developer platforms are becoming prime targets for phishing and credential theft. The safest defense remains constant vigilance, proper authentication hygiene, and proactive reporting of suspicious activity.

Law Enforcement Shuts Down Pirate Streaming Network Streameast

Egyptian authorities, working with the Alliance for Creativity and Entertainment (ACE), announced they have dismantled Streameast—described as the world’s largest illegal sports streaming network. Two alleged operators have been arrested. A Giant in Pirate Streaming Founded in 2018, Streameast offered free, ad-supported access to HD content from licensed

Apple Invites Researchers to Test iPhone Security

Apple has opened applications for its 2026 Security Research Device Program (SRDP), giving white-hat experts the chance to receive a specially configured iPhone for cybersecurity research. Applications are open until October 31, 2025. What the Program Offers Launched in 2020, SRDP provides researchers with “hackable” iPhones designed to make iOS

Kaspersky Lab Studies Hack Groups Attacking Russia

Kaspersky Lab specialists have conducted a technical analysis of the activity of 14 hacker groups that are actively targeting organizations in Russia, Belarus, and several other countries. Among them are hacktivist groups that appeared on the Russian threat landscape after 2022 and publicly identified themselves as “pro-Ukrainian.” Three Clusters of

Salesloft Temporarily Disables Drift Following Mass Data Theft

Salesloft has announced that it will temporarily disable its AI chatbot Drift starting September 5, 2025, after a large-scale supply chain attack resulted in the mass theft of authentication tokens. The Attack Last week it was revealed that hackers had compromised the Salesloft sales automation platform and stole OAuth and