
Are you sure there is malware? Maybe someone copy-pasted your id not knowing what they were doing, and they have a completely legitimate app otherwise.



They know how to make their version number vary at runtime, but they don't know not to copy/paste someone else's ID?

They don't know not to copy/paste someone else's ID, yet their add-on has become more popular than OP's overnight?

Malware is not "a bridge too far". If it looks like a duck and quacks like a duck...

OP: ask Mozilla staff to comb their incoming stats logs for IPs suspected of infection then search Spamhaus, RBL type databases for matches. If the malware is spread via email, you might find a copy of it that way.

This comment is insightful: https://bugzilla.mozilla.org/show_bug.cgi?id=1152966#c4 . A similar strategy would be to select the list of other add-ons that the same machines have installed.


"If it looks like a duck and quacks like a duck" - Ferguson, Missouri PD operations manual (2012)


Each copy has a mostly-random version number. There are thousands of different version numbers such as 1009.99.992. That can't happen by accident. It's probably to thwart the Firefox block list.

Mozilla is putting the bogus version numbers on the Firefox blocklist. When Firefox adds add-on signing soon, the bogus versions should stop working.

As yet, we haven't seen the actual fake add-on that's doing this. I'd like to know what the attack is doing, and how it gets installed.
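The log triage suggested in the comments above (spot the randomized version numbers, then collect the source IPs for a Spamhaus/RBL lookup) could look like the sketch below. It is an added example, not code from the thread or from Mozilla; the record layout, add-on IDs, IPs, the published-version list and the `min_distinct` threshold are all assumptions.

```python
from collections import defaultdict

# Constructed sample of (client_ip, addon_id, reported_version) records, as they
# might be parsed from update-check logs. IPs and add-on IDs are made up;
# 1009.99.992 is the example version quoted in the thread.
PINGS = [
    ("198.51.100.7", "addon@example.org", "2.1.0"),
    ("198.51.100.8", "addon@example.org", "2.0.3"),
    ("203.0.113.5", "addon@example.org", "1009.99.992"),
    ("203.0.113.6", "addon@example.org", "4471.12.305"),
    ("203.0.113.7", "addon@example.org", "8820.3.77"),
    ("203.0.113.8", "addon@example.org", "1009.99.992"),
    ("192.0.2.10", "other@example.org", "1.4"),
]

# Assumption: the real developer's release history is known for each ID.
PUBLISHED = {
    "addon@example.org": {"2.0.3", "2.1.0"},
    "other@example.org": {"1.4"},
}

def summarize(pings, published):
    """Per add-on ID, tally pings whose version was never published."""
    report = defaultdict(lambda: {"total": 0, "bogus_pings": 0,
                                  "bogus_versions": set(), "ips": set()})
    for ip, addon_id, version in pings:
        entry = report[addon_id]
        entry["total"] += 1
        if version not in published.get(addon_id, set()):
            entry["bogus_pings"] += 1
            entry["bogus_versions"].add(version)
            entry["ips"].add(ip)  # candidates for the RBL lookup
    return dict(report)

def suspected_hijacks(pings, published, min_distinct=3):
    """IDs reporting at least min_distinct different unpublished versions."""
    return sorted(addon_id
                  for addon_id, entry in summarize(pings, published).items()
                  if len(entry["bogus_versions"]) >= min_distinct)

if __name__ == "__main__":
    for addon_id in suspected_hijacks(PINGS, PUBLISHED):
        entry = summarize(PINGS, PUBLISHED)[addon_id]
        print(addon_id, entry["bogus_pings"], "of", entry["total"],
              "pings;", len(entry["bogus_versions"]), "distinct bogus versions")
        print("  source IPs:", ", ".join(sorted(entry["ips"])))
```

Counting distinct unpublished versions rather than matching a fixed list is what keeps this useful when every copy reports a different number.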


I agree malware is a bridge too far. I thought Firefox was building this walled garden and add-ons needed to be signed. Has this not happened yet?


Firefox add-on signing is coming later in 2015, but the wall around the garden isn't complete yet. I just got an update from Mozilla; other add-on IDs are also being stolen.

[1] https://blog.mozilla.org/addons/2015/02/10/extension-signing...



