Mozilla WASP tools backdoored

Here's a pretty scary story, if you're a web developer. One of the tools in the very popular WASP toolkit for web application security testing, turned out to be a rogue bit of malware that was actively sending login/password information to an evil website somewhere.

Thankfully, an alert developer noticed this while using the tools, and was aware enough to notify Mozilla, who reacted quickly:

he received a reply within minutes and the extension was pulled from the site shortly afterwards. Mozilla will be automatically disabling the add-on for anyone who has downloaded and installed it.

Still, it's a chilling reminder that malware can lurk in all sorts of places on modern computers, and you need to always be aware about the security considerations of the work you're doing.