Mozilla Suspends Firefox Send Due to Concerns Over Malware Abuse


Mozilla has temporarily suspended its Firefox Send service while the organization looks into malware abuse. The service was taken down on Tuesday after ZDNet asked some questions about the current malware operations. As a solution, Mozilla will add a ‘Report Abuse’ button to the file-sharing service.

Firefox Send

Mozilla launched Firefox Send in March 2019. It was designed to securely transfer files that are too big or too sensitive for email. Firefox Send is similar to other file transfer services such as WeTransfer, Mega, and STACK.

Firefox Send offers end-to-end encryption for the files you transfer. You can also set a password for your files, so that it’s not possible for strangers to open them. Another feature is that the files can be automatically deleted after a set period of time or number of downloads. You can transfer files up to one gigabyte. And the files can be even larger if you have a Firefox account.

But the service has been offline since Tuesday. The domain currently displays the message “Firefox Send is temporarily unavailable while we work on product improvements”. It was taken offline following reports that the service is used to distribute malware. A Mozilla spokesperson stated that the reports “are deeply concerning on multiple levels, and our organization is taking action to address them”.


End-to-end encryption is very important for the privacy of the service’s users. But the problem is that these encrypted files will also not be picked up by spam filters or malware detection apps. And that’s exactly how cybercriminals are using the service.

Cybercriminals are using the service to smuggle malware past security defenses. They can send files to anyone and they will look like a normal file sent through a trusted service. But once the link is opened it will turn out to be malware. Organizations such as FIN7, REvil (Sodinokibi), Ursnif (Dreambot) and Zloader are known to have used Firefox Send to distribute malware.

Covering Their Tracks

One of the reasons that Firefox Send has become so popular amongst cybercriminals is that they can use its features to cover their tracks. They can set up a link in such a way that it will be deleted after one download or one day. Software engineer Nick Carr said on Twitter last month that “one-time links continue to pose unique engineering trade-offs for phishing security tech”.

Reporting Abuse

One solution Mozilla is working on is a “Report Abuse” button, although critics are not sure this is going to change anything. Some experts have said that there is no point in reporting abuse if attackers are sending unique files to their targets. There is no way to trace that back to a cybercriminal.

Another change that Mozilla will make is that the company “will require all users wishing to share content using Firefox Send to sign in with a Firefox Account”. This seems to be a sensible move, since this will force anyone who uses the service to leave a trace – including cybercriminals. At the moment, you don’t have to be signed in if you want to transfer files. The only advantage to signing in is that you can transfer larger files – up to 2.5 gigabytes.

It is not clear when Firefox Send will be available again. Currently, nobody can access their files on the service, because all links have been deactivated. But at least that will stop the criminals for now. And in the meantime Mozilla will work to improve its service.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.