A new report from Citizen Lab, an interdisciplinary laboratory based at the Munk Centre for International Studies at the University of Toronto, Canada, has revealed that Gamma International has been busy deceiving hundreds of internet users into installing its lethal spyware program, FinSpy, via fake versions of the Mozilla Firefox browser.

FinSpy is part of the commercial intrusion kit, Finfisher, distributed by Gamma. The software is officially described as a “field-proven Remote Monitoring Solution that enables Governments to face the current challenges of Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries.”

Mike Wheatley describes in a previous article what this really means, saying that FinSpy is in reality an impressive yet also completely repressive software surveillance tool used by governments, ostensibly to spy on suspected terrorists. Only problem is, not all governments using it are so honest, and there have been reports that the software is also being used to target pro-democracy activists in Bahrain, and more recently, to spy on opposition activists ahead of Malaysia’s upcoming General Elections.

Now, things are getting worse. “For Their Eyes Only: The Commercialization of Digital Spying” describes how users are being duped into opening malware-laced attachments in politically-themed e-mails, which then install the malicious spyware onto mobile devices so their conversations and activities can be monitored.

The worst part is the spyware can disguise itself in various forms to deflect any suspicion, and its this capability that has got Mozilla’s knickers in a twist.  According to Citizen Lab, a “booby-trapped document embeds a copy of FinSpy that masquerades as legitimate Mozilla Firefox software”, so even if a user suspects something not right is happening, he or she will not be able to pin-point it.

“This is not the first time that a FinSpy sample has used the “Mozilla Firefox” product name to masquerade as legitimate software. Samples from the FinSpy campaign targeting Bahraini activists last year used an assembly manifest that impersonated Mozilla’s Firefox browser,” Citizen Lab stated on its report.

Mozilla was quick to take action after learning Citizen Lab’s findings and sent a cease and desist letter to Gamma demanding that it stops its illegal practices.

“As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy,”Alex Fowler, Mozilla’s head of privacy and public policy, wrote in a blog post.