They know how to make their version number vary at runtime, but they don't know not to copy/paste someone else ID?
They don't know not to copy/paste someone else's ID, yet their add-on has become more popular than OP's overnight?
Malware is not "a bridge too far". If it looks like a duck and quacks like a duck...
OP: ask Mozilla staff to comb their incoming stats logs for IPs suspected of infection then search Spamhaus, RBL type databases for matches. If the malware is spread via email, you might find a copy of it that way.
They don't know not to copy/paste someone else's ID, yet their add-on has become more popular than OP's overnight?
Malware is not "a bridge too far". If it looks like a duck and quacks like a duck...
OP: ask Mozilla staff to comb their incoming stats logs for IPs suspected of infection then search Spamhaus, RBL type databases for matches. If the malware is spread via email, you might find a copy of it that way.
This comment is insightful: https://bugzilla.mozilla.org/show_bug.cgi?id=1152966#c4 . A similar strategy would be to select the list of other addons that same machines have installed.