Last week’s Friday the Mozilla Foundation spread the news that they detected two infected Firefox Add-ons on their servers. They removed the Add-ons and added more malware scanners to their servers for checking whether uploaded software is clean or malicious.
Affected were the Add-ons “Sothink Web Video Downloader” and “Master Filer”. After an analysis by Aviras malware researchers we can confirm that the “file.exe” included in the “Master Filer” add-on is indeed malicious. Avira AntiVir detects it with generic detections as TR/Dropper.gen; it is a trojan of the Bifrose family.
The allegedly infected file “nsCatcher.dll” from the “Sothink Web Video Downloader” is not malicious according to Aviras research, though. We informed Mozilla about this.
Avira users were safe: The antimalware solutions detected the malware bundled in the Add-on “Master Filer” as TR/Dropper.gen already.