First Malware for Firefox Mobile OS

Firefox OS is a mobile operating system based on Linux and Mozilla’s Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript.

Asia’s largest information security conferences Ground Zero 2013 Summit, a 17 years old independent security researcher Shantanu Gawde will hold a presentation about a malware for Firefox OS.


He has developed a malicious program that’s capable of infecting Mozilla’s Linux-based, open source operating system. 

Firefox OS is different other mobile operating systems. Every app in Firefox OS including the Camera and the Dialer is a web app, a website in the form of an app. Mozilla has developed Web APIs so that HTML5 apps can communicate with the device’s hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose.

The malware developed by the various tasks, including accessing the SD card, remotely transferring contacts, tracking the user’s location, remotely controlling the FM radio, uploading and downloading content, and uploading data to a server.

There are two types of Firefox OS apps: packaged and hosted. Packed apps are essentially a zip file containing all of of an apps assets: HTML, CSS, JavaScript, images, manifest, etc.

The conference starts on November 7 Shantanu Gawde says he will try to explore even more “hacking possibilities.” He warns that currently there’s no way of detecting or mitigating such attacks.

Shantanu Gawde said to 'The Hacker News' 

"The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents."

In summit his demonstration will showcase the malware app developed by him using just HTML, CSS, and JavaScript, and capability to perform many malicious tasks remotely on the device