YouTube Unblocker for Firefox installed malware

Mozilla announced it has banned YouTube Unblocker, a popular extension that provided a proxy connection to let users view YouTube clips with a geographic restriction, because the add-on tampered with Firefox security preferences and installed a piece of malware named Adblock Converter. The browser maker added YouTube Unblocker to its blocklist, which means it will also be automatically removed from Firefox.

The issue was brought to light by a user via the Bugzilla bulletins:

I installed the add-on "YouTube Unblocker" version 0.6.20 from AMO. Immediately after installing my antivirus software (Avast) warned me of a blocked download from a third-party website associated with neither Mozilla nor the add-on. The download was another add-on which Avast categorized as malware.

Looking at the code of the add-on "YouTube Unblocker", I found the responsible code in the file youtubeunblocker@unblocker.yt esourcesunblocker-apilibutils.js following line 138. The function updateConfigFile() downloads files from a web server and places them onto the hard drive of the user. It checks for a "whitelist", so that - seemingly - no other files can be overwritten. The actual file list to update comes as response from the server api.unblocker.yt and is therefor not part of the add-on. The configuration I got from the server is in the attachement response.json (captured with Wireshark).

Just to be on the safe side, Ghacks provides detailed removal instructions over here. A list of alternative YouTube unblockers can be found over here.