Representatives from Mozilla warn extension developers about an active phishing campaign aimed at hacking accounts on the official AMO platform (addons.mozilla.org).
Currently, AMO hosts over 60,000 extensions and more than 500,000 themes, which are used by tens of millions of people worldwide.
According to an official announcement from Mozilla, phishers targeting developers are disguising their emails as messages from the AMO team, claiming that the user’s account supposedly requires an urgent update to maintain access to development features.
“We are warning the developer community that we have detected a phishing campaign targeting AMO (addons.mozilla.org) accounts. Extension developers should exercise extreme caution when receiving emails purportedly sent on behalf of Mozilla or AMO,” representatives of the organization write.
It is noted that, as a rule, fraudulent emails contain a variation of the text “To continue accessing development features, you need to update your Mozilla Add-ons account.”
To protect their accounts, developers are advised to always check the domains from which emails originate (firefox.com, mozilla.org, mozilla.com, or their subdomains), ensure that the messages have passed standard checks (SPF, DKIM, DMARC), and avoid clicking on suspicious links.
Additionally, Mozilla recommends accessing the organization’s websites directly rather than clicking on links from emails and entering login and password information only on official Mozilla or Firefox domains.
Although the scale of this phishing campaign, its ultimate goals, and the number of affected accounts are not disclosed, in the comments on the post at least one developer claims to have fallen victim to such an attack.