Complain about Afrowidgets firefox addon from kerawa.com

temgo · June 20, 2015, 9:51am

Hello

I am getting complaints from some of my afribaba’s users from some African markets regarding kerawa afrowidgets firefox add-on.

In fact, when users install this kerawa add-on https://addons.mozilla.org/en-US/firefox/addon/afrowidgets/
and visit most of the sites under www. afribaba .com like afribaba .cm afribaba .ci afribaba .sn afribaba .ga etc… they are redirected to competitors site at kerawa .com

www.afribaba.cm redirect to http:// kerawa .com/cameroun-r40
www.afribaba.ci redirect to http:// kerawa .com/cote-d-ivoire-r43
www.afribaba.sn redirect to http:// kerawa .com/senegal-r55
www.afribaba.cd redirect to http:// kerawa .com/congo-kinshasa-r42
and much more sites from afribaba

Note: afribaba and kerawa are just competitors from the same markets and kerawa developers have set up this extension with MALICIOUS INTENTION over afribaba users and traffic.

Please let me know the steps to fire a legal complain against kerawa.com and his firefox add-on.
Or simply the steps to complain at mozilla so that their add-on are banned from the firefox as it was done with intentionally MALICIOUS INTENT

Regards

arenlor · June 20, 2015, 1:02pm

There are three users of that addon and it has not been reviewed yet. If its behavior is as you say it is, and it’s still there when it has been reviewed then use the Report Abuse link just below the review button on its listing.

temgo · June 20, 2015, 1:35pm

Hello

I am not sure they are only 3 users, because I got more than 7 complaints before testing myself (and I have installed myself in 4 browsers at MAC and Windows PC)… so I am not sure the counter is just working fine.

Regards

John99 · June 20, 2015, 8:42pm

There is a possibility the addon may be hosted or available elsewhere.
If that is the case this forum will not be of direct help to you if people are using those copies of the addon.

However if that is the case then you may be interested to note: There are plans in progress, to make it a requirement that in future, addons will need to be “signed” before being used on Firefox. That plan may prevent many unapproved addons from being used.

jorgev · June 24, 2015, 1:18am

The add-on was currently rejected due to remote script injection. Redirecting from a commercial site to another can be allowed depending on the circumstances. If this is being done without clear user knowledge, it would also not be allowed to pass review on AMO.

temgo · June 24, 2015, 7:19am

Hello

Thanks so much for your input.

Please let’s all try our best to make the browser safe and avoid such malicious activities to simply destroy the competitors

Regards

temgo · June 26, 2015, 3:00pm

Hello

It appears Firefox is allowing any external malicious script be installs.

We can still have it here https:// kerawa.com//rss_widget/browser-extensions/firefox/afrowidgets1.6.xpi

As they are forcing they customers to install it after a visit

So obviously, the problem is not fix

Regards

temgo · June 26, 2015, 2:42pm

After spying their extension, I Can see that this is the intentional redirection they are doing (all sites from www.afribaba.com)

from …/resources/afrowidgets/data/js/redirection/config.js

{siteURL: 'afribaba.cd', targetURL: 'kerawa.com/congo-kinshasa-r42', },
{siteURL: 'afribaba.ci', targetURL: 'kerawa.com/cote-divoire-r43', },
{siteURL: 'afribaba.co.ke', targetURL: 'kerawa.com/kenya-r46', },
{siteURL: 'afribaba.cm', targetURL: 'kerawa.com/cameroun-r40', },
{siteURL: 'afribaba.sn', targetURL: 'kerawa.com/senegal-r55', },
{siteURL: 'afribaba.ga', targetURL: 'kerawa.com', },
{siteURL: 'afribaba.info', targetURL: 'kerawa.com', },
{siteURL: 'facebook.com/afribaba', targetURL: 'facebook.com/WaribaOnline', },
{siteURL: 'mercannunci.', targetURL: 'kerawa.com', },
{siteURL: 'mercanuncios.pt', targetURL: 'kerawa.com', },

arenlor · June 27, 2015, 9:23am

Mozilla has no control over addons not hosted at addons.mozilla.org and has blocked the addon there. I’m not sure, but I think that in version 40 the signing requirement will prevent this addon, since my understanding is that it won’t pass the automated test to even be signed. See changes and the requirements as linked from there. Until then, in America sadly this isn’t illegal, it may be in your country/countries and you can do something about it there. That or submit it to some of the common anti-virus companies to see if they may list it as malicious.

jorgev · June 30, 2015, 10:55pm

Note that this bug was filed to get the add-on blocked. The request was rejected, and the details are in the bug. If you have more information about this add-on that could get it blocked, please post it here or on the bug report.