Mozilla suspended the Firefox Send service after it
received reports that it was used by bad actors to host and send malware to
unsuspecting users.
Firefox Send is a
service that lets people upload files and send them to other users in a secure
manner. The payload is encrypted on the server, making it difficult for third
parties to intercept. While it might be a good service for people looking for
privacy, it was also used in nefarious purposes.
It was just a matter of time before malware operators
figured out that a trusted online service used to send files, which also
features a timeout function for the hosted data, was a great tool to deploy
everything from trojans to ransomware.
According to a ZDNet report,
security researchers noticed this worrying trend a while ago and kept pestering
the company to do something about the situation. Unfortunately, investigations
into possible attacks were hampered by the fact that links to the infected
files expired by the time a proper analysis could be performed.
One of the features that security experts wanted to see
added to Firefox Send was a “Report File” button, but that didn’t
happen. But, in a surprise move, Mozilla moved to suspend the service entirely
until they could safely provide this service.
We will temporarily take Firefox Send offline while we
make improvements to the product,” said Mozilla to ZDNet. “Before
relaunching, we will be adding an abuse reporting mechanism to augment the
existing Feedback form, and we will require all users wishing to share content
using Firefox Send to sign in with a Firefox Account. We are carefully
monitoring these developments and looking critically at any additional next
steps,” the company explained.
There is no timeline for the service’s return, and all
links generated by the service that were still available have been deactivated.