Beware: Wappalyzer Firefox add-on could be stealthy Trojan spyware


The Wappalyzer extension download for Firefox is being blocked and identified as corrupt, according to a new pop-up warning showing in the Mozilla browser on Monday.

Cybernews’ Head of Security Vincentas Baubonis said he first noticed an issue with the Wappalyzer add-on at about 5:00 p.m. Eastern Time.

“I think something is wrong with the Wappalyzer extension on Firefox extension store,” Baubonis said about the popular developer and pen-testing tool that allows the user to "instantly reveal the technology stack of any website."


“You can’t install the extension. It is saying it's corrupt, and if you try and download it manually with a curl-u command and check VirusTotal, it reports a generic crypto miner,” Baubonis explained.

The pop-up warning reads, "The add-on downloaded from this site could not be installed because it appears to be corrupt."

The Wappalyzer technology insight tool extension was blocked from installation in the Firefox browser on Monday. Image by Cybernews.

It appears Baubonis was not the only security guru to have noticed, with several users also commenting on the warning in the review section on Mozilla’s Firefox add-on page.

“Installation aborted because the add-on appears to be corrupt,” said Firefox user Auston Matthews, who tried adding the extension Monday afternoon.

Firefox user Linux Flatpak, using the latest version 138.0.1 (64-bit), also reported “the extension doesn't work” around 6:00 a.m. ET, Monday morning.

“Installation aborted because the add-on appears to be corrupt,” they said.

Users comment on the Wappalyzer download warning. Image by Cybernews.

Stealthy Trojan spyware or false positive?

Still, not one to jump the gun, Baubonis also stated that the alleged Trojan virus could be “a false positive” – and that seems to be the more likely explanation here.

Here’s the scoop. The Wappalyzer extension was flagged by the India-based cybersecurity firm Max Secure, which offers its own branded anti-virus software to detect such malware threats, and whose scanner is incorporated into the VirusTotal checker.

The company identified the extension as “Trojan.W32.Script.Miner.gen,” although at least 31 other security vendors and their anti-virus scanners – including Trend Micro-HouseCall, CrowdStrike Falcon, and ESET-NOD32 – all returned “undetected” for the add-on, meaning they did not flag it as malware.

Cybernews' Head of Security, Vincentas Baubonis, noticed that the VirusTotal scanner flagged the Wappalyzer Firefox extension as Trojan spyware. Image by Cybernews.

It also appears that MaxSecure antivirus scanners have been known to trigger false positives, as noted by some GitHub users in the past few years.

One particular August 2023 GitHub thread titled “virustotal false positively detects malware (MaxSecure)” provides an almost identical example of a “false positive” picked up by VirusTotal via the MaxSecure scanner.

Still, Baubonis said that if the Firefox Wappalyzer add-on is truly a corrupt extension, it would be “kinda huge” as Wappalyzer has a “big hacker fan base.”

Our advice is to be aware and, of course, never download an add-on or extension without checking it first with reputable anti-virus software. Also, know that this is a known Trojan, and many of the anti-virus programs have tools to detect and delete the Trojan if it happens to get on your device.


The “Trojan:Win32/Miner” is described by Microsoft as an evasive threat that “can perform a number of actions of a malicious actor's choice on your device.”

The malware is designed to spy on a user's activity. Once it is delivered to the device – usually by hiding out in a legitimate file that is downloaded by an unsuspecting user – the attacker can intercept keyboard strokes, take screenshots, capture a list of active applications, and more.

To note: Cybernews did check, and the Wappalyzer add-on extension for the Google Chrome browser was functioning with no issues for us on Monday.

On the add-on page for Wappalyzer, Mozilla cautions would-be users, “This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.”