Mozilla has issued a warning about an ongoing phishing campaign aimed at tricking Firefox add-on developers into giving up their login credentials.

    TLDR:

    • Cybercriminals are sending fake emails pretending to be Mozilla, claiming developers need to update their add-on accounts.
    • The phishing campaign is targeting developers on AMO (addons.mozilla.org), Mozilla’s official platform for extensions and themes.
    • Mozilla urges caution and recommends never clicking on links in suspicious emails, and only logging in through official Mozilla domains.
    • At least one developer account has been compromised, though the full impact remains unclear.

    What Happened?

    Mozilla discovered a phishing campaign that’s trying to break into developer accounts by impersonating its Add-ons team. These emails falsely claim developers must update their AMO account settings or risk losing access to publishing features. The attack specifically targets creators who use Mozilla’s trusted platform to distribute Firefox browser extensions.

    Mozilla Warns of Deceptive Emails Targeting AMO Developers

    The phishing emails mimic official communications from Mozilla, containing alarming messages such as “Your Mozilla Add-ons account requires an update to continue accessing developer features.” These are designed to prompt developers to click malicious links and unknowingly hand over their account credentials.

    Mozilla’s AMO platform hosts more than 60,000 extensions and half a million themes used by millions of Firefox users globally. That makes it a prime target for attackers who want to gain control over legitimate developer accounts and possibly inject malicious code into extensions.

    Red Flags and How to Stay Safe

    Mozilla has laid out clear signs and safety tips to help developers avoid falling victim:

    • Legitimate Mozilla emails only come from trusted domains, such as mozilla.org, firefox.com, mozilla.com, or their subdomains.
    • Fake emails often come from lookalike domains, like “mozila”, and fail email authentication checks like SPF, DKIM, and DMARC.
    • Do not click on links in any suspicious email. Instead, go directly to Mozilla websites using your browser.
    • Only enter your credentials on official domains like mozilla.org or firefox.com.

    Security experts also recommend checking email headers to verify domain authenticity and always looking for spelling mistakes or inconsistencies in the sender’s address.
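
The header checks described above can be scripted. The following is an added example, not Mozilla's tooling and not code from the original article: it flags a message whose From domain is outside the trusted list or whose SPF, DKIM or DMARC verdict is anything other than pass. The function names, the `mx.example.net` host and both sample messages are constructed for illustration, and it assumes the topmost Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists as legitimate (their subdomains count too).
TRUSTED = ("mozilla.org", "firefox.com", "mozilla.com")

def domain_trusted(domain):
    """Exact match or true subdomain; 'notmozilla.org' must not pass."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def auth_verdicts(msg):
    """spf/dkim/dmarc results from Authentication-Results headers.
    Assumption: the topmost header was stamped by your own mail server;
    copies further down may have been supplied by the sender."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, res in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            verdicts.setdefault(mech, res)  # first (topmost) verdict wins
    return verdicts

def triage(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # parseaddr yields the real address even when the display name embeds one.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    flags = []
    if not domain_trusted(domain):
        flags.append("untrusted sender domain: " + (domain or "(none)"))
    verdicts = auth_verdicts(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            flags.append(f"{mech}={verdicts.get(mech, 'missing')}")
    return flags

# Constructed sample messages, not taken from the real campaign.
PHISH = (
    "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n"
    'From: "Mozilla Add-ons <amo@mozilla.org>" <noreply@mozila-addons.example>\n'
    "Subject: Your Mozilla Add-ons account requires an update\n\nbody\n")
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Add-ons Team <noreply@mail.mozilla.org>\n"
    "Subject: constructed example\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw) or "no red flags")
```

A trusted From domain with missing or failing verdicts is still flagged, since the From header alone can be spoofed.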

    The Impact So Far

    Although Mozilla hasn’t publicly disclosed the total number of affected developers, at least one victim has confirmed falling for the scam, briefly losing control of their add-on before removing it. Mozilla has said more updates will follow if new details emerge.

    This warning comes shortly after Mozilla announced improved security tools to fight against harmful extensions, including those designed to steal cryptocurrency. In 2024 alone, cybercriminals drained $494 million in digital assets via malicious browser extensions.

    What TechKV Thinks

    Honestly, this kind of phishing attack is a wake-up call. As someone who watches cybersecurity trends closely, I’ve seen how these scams prey on urgency and trust. Mozilla’s Add-ons site is a central hub for extensions that millions rely on, and when developer accounts get hijacked, it threatens the whole ecosystem. The best defense here is skepticism. If something feels off in an email, don’t take the bait. I hope Mozilla ramps up user education and maybe adds stronger two-factor protections to help developers stay safe.

    Rajesh Namase is one of the top tech bloggers and one of the first people to turn digital marketing and blogging into a full-time profession. He has unwavering passion for technology, digital marketing, and SEO. With a penchant for exploring the digital world, Rajesh covers a wide range of topics, from Android to the intricate universe of the internet, including WiFi, YouTube, and more.
