INTRO: Mozilla has temporarily suspended its Firefox Send file transfer service after cyber-security professionals reported several instances of abuse by organized malware operators. The organization confirmed the event to ZDNet on Tuesday. According to a Mozilla spokesperson, the service will add an abuse-reporting mechanism before it goes live again.
“These reports are deeply concerning on multiple levels, and our organization is taking action to deal with them. We will temporarily take Firefox Send offline while we make improvements to the merchandise. Before relaunching, we’ll be adding an abuse reporting mechanism to reinforce the prevailing Feedback form, and that we would require all users wishing to share content using Firefox Send to sign in with a Firefox Account. We are carefully monitoring these developments and searching critically at any additional next steps”, they said.
The developments follow persistent complaints from cyber-security experts, who claim that the service was getting used to store payloads for all kinds of cyber-crime. That includes ransomware, banking trojans, and spyware wont to target human rights activists.
In most cases, the routine for these malware authors was an equivalent. They uploaded their malicious payloads on Firefox Send, which stored these files in an encrypted format. Hackers then send those links via emails to their unsuspecting victims.
Originally announced in 2017, Mozilla’s privacy-focused, free, encrypted file transfer service, ‘Firefox Send’, was finally available for all users in March 2019. It allows users to share files of up to 1GB without requiring any sign-in. However, Mozilla account holders can share files of up to 2.5GB in size. The service is totally free and requires only an e-mail ID and password. As with everything Mozilla, Firefox Send is additionally ‘Private by Design’. It comes with full encryption to make sure the safety and privacy of users.