‘Firefox Send’ offline after abused by Malware

[German]Mozilla's developers have implemented the Firefox Send service for encrypted file transfer in a browser. After the service was abused for spreading malware via short links, the service is taken temporarily offline.


What Firefox Send offers

If you want to share larger files with other users, you cannot do this by e-mail. It is a good idea to upload the files to the cloud (Dropbox, OneDrive, Google Drive) and send the link. Or you can use a service like Firefox Send.

Firefox Send

To do this, the file must be uploaded to the service in the browser. In a form page (see figure) you can specify whether the file is to be protected with a password (in addition to the standard encryption). Furthermore, an expiration condition can be defined. After uploading, the service returns a link. This link can be shared with the link recipient, who can then download the encrypted file. The uploaded file and the link expire after 24 hours or after a download. The service can be used free of charge.

Malware authors abuse the

Unfortunately, as with so many simple, free and effective online services: there is abuse. It is easy for cyber criminals to generate temporary links based on trusted URLs for the exchange of any files. And there are virtually no traces left in the cloud.

Firefox Send was then misused for "data infiltration". The malware used the service to import malware files or attack tools into a network they had already infiltrated. The service offered a chance to avoid attracting undue attention.


Cyber criminals also love Firefox Send because using Firefox Send means they don't have to set up their own file-sharing server with a legitimate-looking URL. And the criminals don't have to worry about their URLs expiring automatically after use.

Sophos has published this issue with details in this blog post. For security researchers, links that only work once are a problem. Even if a security researcher manages to get a full URL as an indicator of compromise, it is worthless. After all, you can no longer call up this URL and investigate what malicious is shipping as a payload.

Firefox Send temporarily suspended

Cyber security researchers had approached Mozilla and the Firefox team with suggestions to improve the service. For example, there should be a [Report Abuse] button to block questionable links quickly and easily.

Firefox Send
(Firefox Send, Source: Sophos Naked-Security)

Mozilla and/or the Firefox developers have temporarily suspended the Firefox Send service to address the above issues. If you visit the corresponding website, you will see the above message.

Cookies helps to fund this blog: Cookie settings

This entry was posted in browser, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *