Firefox OS is a mobile operating system based on Linux and Mozilla’s Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript.

After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available.

Shantanu Gawde, 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi.

Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device’s hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose.

Basically, there are two types of Firefox OS apps: packaged and hosted. Packed apps are essentially a zip file containing all of of an apps assets: HTML, CSS, JavaScript, images, manifest, etc.

Hosted apps are just a website is the application, means you can host the app on a publicly accessible Web server, just like any other website.

His demonstration will showcase the malware app developed by him using just HTML, CSS, and JavaScript, and capability to perform many malicious tasks remotely on the device i.e. Accessing SD Card Data, Stealing Contacts, downloading-uploading Files on device, Tracking Geological location of the user etc.

"The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents." he told 'The Hacker News'.
The rapid growth and evolution of mobile malware is swiftly becoming a highly profitable business for cybercriminals. According to the third annual Mobile Threats Report from Juniper Networks, mobile malware threats have grown a huge 614% in the period March 2012 to March 2013.

With mobile malware on the rise and attackers becoming increasingly clever and they are also targeting every possible new platform. Make sure you will be at Ground Zero this year to see live threat to one of the prominent upcoming mobile operating systems.

Update : A Mozilla spokesperson provided the following statement: "We are aware of plans to demonstrate a malware app able to perform malicious tasks on the Firefox OS phone. Such attacks usually rely on developer mode functionality, which is common to most Smartphones but disabled by default. In addition, we believe this demonstration requires the phone to be physically connected to a computer controlled by the attacker, and unlocked by the user."

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.