Phishing Attacks Strike AMO Developer Community
Mozilla has issued a critical warning to developers of Firefox browser extensions: a sophisticated phishing campaign is actively targeting accounts on its official add-on repository, addons.mozilla.org (AMO). With over 60,000 extensions and 500,000+ themes hosted on the platform, millions of Firefox users could be impacted if these malicious efforts succeed.
Fake Emails Mimicking Mozilla Target Developers
According to Mozilla’s advisory, cybercriminals are sending phishing emails impersonating the AMO team, claiming that developers must “update” their accounts to maintain access to developer features. These emails appear deceptively official and carry urgent messaging such as, “Your Mozilla Add-ons account requires an update to continue accessing developer features.”
While the emails may look legitimate, Mozilla warns that they are entirely fraudulent, crafted to trick developers into revealing their credentials and handing over access to their extensions.
What Mozilla Recommends to Stay Safe
Mozilla urges all developers to follow strict security practices to protect their accounts. These include:
- Verifying that emails originate from legitimate Mozilla domains like mozilla.org, mozilla.com, firefox.com, or their subdomains
- Checking for SPF, DKIM, and DMARC authentication in email headers
- Never clicking on embedded email links, even if they appear to be from trusted sources
- Accessing Mozilla platforms directly by typing in URLs instead of following links from emails
Developers should only log in to their accounts on official Mozilla or Firefox websites, ensuring they don’t unintentionally hand over access to attackers.
No Data on Scope Yet—But Damage Could Be Serious
Mozilla has not yet revealed the full scale of this phishing campaign, or whether any accounts have been successfully compromised. However, at least one developer has reported falling victim. This raises concerns about the potential for malicious add-ons being uploaded or hijacked, posing a direct threat to user security and privacy.
Security Moves Against Crypto Theft Also in Play
This alert comes shortly after Mozilla’s announcement of a new security feature designed to detect and block malicious extensions, especially those targeting cryptocurrency wallets. According to Andreas Wagner, Add-ons Operations Manager at Mozilla, hundreds of suspicious or harmful extensions—including fake crypto wallets—have already been removed in recent years.
This is a response to a wider problem: crypto wallet-draining attacks resulted in over $494 million in losses last year, with over 300,000 wallet addresses affected.
Conclusion: Developers Must Be Vigilant
This phishing campaign underscores the growing risk that even trusted platforms like AMO face in the current cybersecurity climate. Mozilla’s swift response is a reminder that developers must prioritize account security, remain skeptical of unsolicited messages, and adopt zero-trust best practices. Staying alert is not just important for individual developers—it’s essential to keeping the wider Firefox ecosystem safe.
