Mozilla has temporarily suspended its Firefox Send file transfer service after cyber-security professionals reported several instances of abuse by organized malware operators. The organization confirmed the development to ZDNet on Tuesday. According to a Mozilla spokesperson, the service will add a abuse-reporting mechanism before it goes live again.
“These reports are deeply concerning on multiple levels, and our organization is taking action to address them. We will temporarily take Firefox Send offline while we make improvements to the product. Before relaunching, we will be adding an abuse reporting mechanism to augment the existing Feedback form, and we will require all users wishing to share content using Firefox Send to sign in with a Firefox Account. We are carefully monitoring these developments and looking critically at any additional next steps”, they said.
The developments follow persistent complaints from cyber-security experts, who claim that the service was being used to store payloads for all sorts of cyber-crime. That includes ransomware, banking trojans and spyware used to target human rights activists. In most cases, the modus operandi for these malware authors was the same. They uploaded their malicious payloads on Firefox Send, which stored these files in an encrypted format. Hackers then send those links via emails to their unsuspecting victims.
Originally announced in 2017, Mozilla’s privacy-focused, free, encrypted file transfer service, ‘Firefox Send’, was finally available for all users in March, 2019. It allows users to share files of up to 1GB without requiring any sign-in. However, Mozilla account holders can share files of up to 2.5GB in size. The service is completely free and requires only an e-mail ID and password. As with everything Mozilla, Firefox Send is also ‘Private by Design’. It comes with full encryption to ensure safety and privacy of users.