Overview

• Mozilla has confirmed a phishing campaign impersonating AMO staff to harvest credentials from Firefox add-on developers.
• Phishing messages assert that developer accounts require updates to maintain access to features and contain links that lead to credential-harvesting pages.
• At least one developer reports falling victim to the scheme, though the overall scale and success rate of the campaign remain under investigation.
• Mozilla advises developers to verify sender domains, confirm emails pass SPF, DKIM and DMARC authentication checks, and access addons.mozilla.org only through its official URLs.
• Security teams have already removed more than 40 malicious crypto-wallet–stealing extensions since April and are enhancing platform defenses against supply-chain threats.