Overview
- Mozilla has confirmed a phishing campaign impersonating AMO staff to harvest credentials from Firefox add-on developers.
- Phishing messages assert that developer accounts require updates to maintain access to features and contain links that lead to credential-harvesting pages.
- At least one developer reports falling victim to the scheme, though the overall scale and success rate of the campaign remain under investigation.
- Mozilla advises developers to verify sender domains, confirm emails pass SPF, DKIM and DMARC authentication checks, and access addons.mozilla.org only through its official URLs.
- Security teams have already removed more than 40 malicious crypto-wallet–stealing extensions since April and are enhancing platform defenses against supply-chain threats.